Tom,

In your original post you said "I have a multi-server certificate that I'm
trying to assign to a web server on the i." Are you really trying to
install a server certificate? Or just a CA Certificate?

Will the IBM I be the web server or will the IBM I be consuming a web
service on another server?

From what I read if you're trying to install a Server Certificate, there
should also be a .key file that goes along with the .crt file. The .key file
is the private key and would be required for a Server Certificate.

If the Network Team only gave you the .crt file, my guess is they are not
asking you to install a Server Certificate. It sounds unusual to install the
same server certificate on multiple systems. (especially different platform
like Windows and IBM i)

I think it would be best to confirm the type of certificate you are trying
to install before any more troubleshooting on the IBM i.

I would also ask the Network Team for the entire certificate chain (ca and
root) with each certificate in a separate file and in a .cer format. This
would be extremely helpful regardless of the answer to the above question.

Rob

------------------------------

message: 3
date: Tue, 29 Mar 2022 22:08:09 +0000
from: Tom Hightower <tomh@xxxxxxxxxxx>
subject: RE: having trouble assigning certificate to app

That could be, I have these two expired:

-USERTrustRSAAddTrustCA.crt expired 5/30/2020 -AddTrustExternalCARoot.crt
expired 5/30/2020

Apparently those have been on our various AS400 -> i systems for *years*.

I'll check with network guys to see if they can provide updated
certificates. If they don't have them, is there somewhere they can be
downloaded?

TomH

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Williams via MIDRANGE-L
Sent: Tuesday, March 29, 2022 9:50 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Cc: Rob Williams <qpgmr400@xxxxxxxxxxxxxxx>
Subject: RE: having trouble assigning certificate to app

I have seen that exact message and situation once before and the cause was
one of the CA Certificates (or Root Certificate) in the chain had expired.

You can use the following query to view the certificates in your certificate
store.

SELECT CERTIFICATE_LABEL as CERT_LABEL,
VALIDITY_START, VALIDITY_END,
SUBJECT_COMMON_NAME as SUBJECT_CN,
ISSUER_COMMON_NAME as ISSUER_CN
FROM TABLE(QSYS2.CERTIFICATE_INFO(CERTIFICATE_STORE_PASSWORD=>
'*NOPWD'))

Rob


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.