Kevin,

DCM has required a matching request when importing a certificate (unless
things have changed in newer OS releases.. which hopefully they have).
I've always just done things by the book.. I guess. :)

Your document explains how to import the CAs if required, but I didn't see
how you'd bypass the requirement DCM gives you of having a matching
request. There's not mention of the error you would get stating the
matching request is required.

I've actually never tried to bypass this requirement of DCM, and I'm sure
it is possible and would be required in some instances, especially when
using a wildcard certificate.

Brad



On Sun, Dec 22, 2013 at 10:21 AM, Kevin Turner <
kevin.turner@xxxxxxxxxxxxxxxxxxxx> wrote:

Sorry Brad, but that is not the case. You don't have to make the request
from DCM in order to be able to import it into DCM. For example, our
certificate covers several servers and domains, only one of which is served
from an IBMi. You can import any certificate from a trusted CA into DCM
regardless of where the request was created. What is true is that DCM does
not make it simple to do so - unlike Windows for example. It can be a bit
of a pain, but if you know what you are doing you can do it. I went
through the pain of importing a GoDaddy certificate on our IBMi and
documented the process here:

http://www.coraltreesystems.com/phpbb/viewtopic.php?f=4&t=1009&p=3684&hilit=godaddy#p3684




-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On
Behalf Of Bradley Stone
Sent: 22 December 2013 16:11
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] Self-Signed Certificates

Just to note, that process isn't complete.

You have to make a request first using DCM that you give to the
certificate provider. Then when you get it you import it.

It won't let you import a certificate without a request.

Also, you may need to import the CA(s) used by the certificate into your
*SYSTEM store first as well.

So the sequence is more like this:

1. Create a server certificate request using DCM 2. Give that to your
Certificate source (they will ask for it).
3. Import the certificate. Possibly importing the CAs used by the
certificate first if required.


On Fri, Dec 20, 2013 at 2:06 PM, Rich Loeber <rich@xxxxxxxxx> wrote:

Perfect!

Thanks. This makes my day.

Hope you have a wonderful Christmas celebration!

Rich



----------------------------------------------------------------------
----

On 12/20/2013 3:01 PM, Aaron Bartell wrote:

This is pretty good:
[1]
http://itquestions.com/questions/1155/how-to-install-a-digital-certifi
cate-on-the-iserie.html

Aaron Bartell


On Fri, Dec 20, 2013 at 1:51 PM, Rich Loeber [2]<rich@xxxxxxxxx> wrote:


Thanks Aaron .... is the installation process on the IBM i straight
forward?

Rich



----------------------------------------------------------------------
----

On 12/20/2013 2:49 PM, Aaron Bartell wrote:

There are very inexpensive trusted certificates you can buy. I've
bought
comodo in the past.

[1][3]https://comodosslstore.com/

Aaron Bartell


On Fri, Dec 20, 2013 at 1:46 PM, Rich Loeber [2][4]<rich@xxxxxxxxx>
wrote:


I'm using an Apache server instance with HTTPS for an application
locally. I have secured it with a self-signed certificate that I
created
using DCM. The process works OK, but the first time a user logs
into
the
site (we use FireFox here), they get a security warning that the
certificate is not from a trusted source. I know where the
certificate
came from, so I'm OK with this, but there are some users who get
very
nervous when they see this exception message.

Is there any way around this issue without having to spend money on
a
"trusted" certificate?

Rich Loeber - @richloeber
Kisco Information Systems
[1][3][5]http://www.kisco.com

References

Visible links
1. [4][6]http://www.kisco.com/
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: [[7]5]WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: [6][8]http://lists.midrange.com/mailman/listinfo/web400
or email: [[9]7]WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at [8][10]http://archive.midrange.com/web400.

References

Visible links
1. [11]https://comodosslstore.com/
2. [12]mailto:rich@xxxxxxxxx
3. [13]http://www.kisco.com/
4. [14]http://www.kisco.com/
5. [15]mailto:WEB400@xxxxxxxxxxxx
6. [16]http://lists.midrange.com/mailman/listinfo/web400
7. [17]mailto:WEB400-request@xxxxxxxxxxxx
8. [18]http://archive.midrange.com/web400
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: [19]WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: [20]http://lists.midrange.com/mailman/listinfo/web400
or email: [21]WEB400-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
[22]http://archive.midrange.com/web400.

References

Visible links
1.

http://itquestions.com/questions/1155/how-to-install-a-digital-certificate-on-the-iserie.html
2. mailto:rich@xxxxxxxxx
3. https://comodosslstore.com/
4. mailto:rich@xxxxxxxxx
5. http://www.kisco.com/
6. http://www.kisco.com/
7. mailto:5]WEB400@xxxxxxxxxxxx
8. http://lists.midrange.com/mailman/listinfo/web400
9. mailto:7]WEB400-request@xxxxxxxxxxxx
10. http://archive.midrange.com/web400
11. https://comodosslstore.com/
12. mailto:rich@xxxxxxxxx
13. http://www.kisco.com/
14. http://www.kisco.com/
15. mailto:WEB400@xxxxxxxxxxxx
16. http://lists.midrange.com/mailman/listinfo/web400
17. mailto:WEB400-request@xxxxxxxxxxxx
18. http://archive.midrange.com/web400
19. mailto:WEB400@xxxxxxxxxxxx
20. http://lists.midrange.com/mailman/listinfo/web400
21. mailto:WEB400-request@xxxxxxxxxxxx
22. http://archive.midrange.com/web400
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list To post a message email: WEB400@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.


NOTICE: The information in this electronic mail transmission is intended
by CoralTree Systems Ltd for the use of the named individuals or entity to
which it is directed and may contain information that is privileged or
otherwise confidential. If you have received this electronic mail
transmission in error, please delete it from your system without copying or
forwarding it, and notify the sender of the error by reply email or by
telephone, so that the sender's address records can be corrected.




--------------------------------------------------------------------------------


CoralTree Systems Limited
Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton
Hampshire
SO15 2EA
VAT Registration Number 834 1020 74.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.