Most SSL Certificates are signed by more than one entity. The multiple
entities are know as the CA Chain.

If you see the SSL documentation on this page:
http://docs.bvstools.com/home/ssl-documentation/exporting-certificate-authorities-cas-from-a-website

You'll see the paypal.com certificate has 2 CAs in the "chain". Verisign
and Verisign Class 3......

When importing them you need to do it one at a time. But before that you
need to export them from the certificate one at a time. That's something I
normally do for customers since it's a lot quicker for me to do it than
not. :)

Then I send them to the customer and point them to the instructions on how
to import them here:
http://docs.bvstools.com/home/ssl-documentation/importing-a-certificate-authority-ca

Brad
www.bvstools.com

On Thu, Oct 27, 2016 at 3:27 PM, Alan Shore <ashore@xxxxxxxx> wrote:

Hi Brad
The error I am receiving is
Error performing SSL handshake. There is no error. RC(23) errno().
And what do you mean with
You do need to load the CA chain for most applications when you're the
client.
CA chain?

Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Bradley Stone
Sent: Thursday, October 27, 2016 8:20 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: Connecting to web using TLS

Alan,

What error codes are you receiving.

You do need to load the CA chain for most applications when you're the
client. IBM doesn't automatically put anything but the most basic in the
*SYSTEM store when it's created.

Brad
www.bvstools.com

On Thu, Oct 27, 2016 at 1:51 PM, Alan Shore <ashore@xxxxxxxx> wrote:

Thanks for your reply Peter
We are using Krengel Tech RPG-XML Suite and have had no problems with
web service calls what so ever For this new company, I have created a
proof of concept program (read - quick, with no bells and whistles)
and I seem to be connecting, but the error code that I am receiving
says that I need to load a certificate onto the AS/400 However - they
say I don't need to load a certificate but to use TLS protocol

quote
When we receive a request, we check the level of encryption. We allow
merchants to connect to us only in secure https mode using TLS
protocols and we strongly recommend to use the most recent and secure
versions which are currently TLS 1.1 and 1.2.
Endquote

We followed the instructions from the web site I included below -
stopped and started all the INBNDSRVR jobs - but still receive the
same error code

Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Peter Connell
Sent: Thursday, October 27, 2016 2:39 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: Connecting to web using TLS

Alan,

We've been having trouble with web service calls to some data
providers who now support only TLS protocols.
My impression is that there appear to be issues with the limited
number of cipher suites supported by IBM i5 so a successful handshake
using IBM legacy or GSK APIs may depend on the ciphers that the
provider supports but I'm not certain of this.
I've found that using a simple java program (complied at JDK7) to do
the actual connection works fine since JDK70 supports a wider range of
ciphers.
Connecting using curl via a PHP script also seems to work.

Cheers, Peter

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Alan Shore
Sent: Friday, 28 October 2016 6:55 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Connecting to web using TLS

Hi everyone
Before I forget, we are on V7r1 (finally) I have been asked to place
web service calls but need to use TLS protocols - Quote When we
receive a request, we check the level of encryption. We allow
merchants to connect to us only in secure https mode using TLS
protocols and we strongly recommend to use the most recent and secure
versions which are currently TLS 1.1 and 1.2.

endquote

I have searched the web, and the only thing I can find is the
following web page

http://www-01.ibm.com/support/docview.wss?uid=nas8N1019971

Does anyone have any other instructions?
Just trying to cover all bases



Alan Shore
E-mail : ASHORE@xxxxxxxx
Phone [O] : (631) 200-5019
Phone [C] : (631) 880-8640
'If you're going through hell, keep going.'
Winston Churchill

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/
midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


##############################################################
This correspondence is for the named person's use only. It may contain
confidential or legally privileged information, or both. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this correspondence in error, please immediately delete
it from your system and notify the sender. You must not disclose, copy
or rely on any part of this correspondence if you are not the intended
recipient. Any views expressed in this message are those of the
individual sender, except where the sender expressly, and with
authority, states them to be the views of Veda. If you need
assistance, please contact Veda :- Australia http://www.veda.com.au/
contact-us New Zealand http://www.veda.co.nz/contact-veda
##############################################################

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/
midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.