Brad

I can 100% guarantee you do not need a matching request in DCM. I have imported many server certificates into DCM and have never once had he need to generate the initial request from DCM. The only trouble I have had is when the CA chain is not already present (which that forum post circumnavigated).

Kevin

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: 22 December 2013 16:50
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] Self-Signed Certificates

Kevin,

DCM has required a matching request when importing a certificate (unless things have changed in newer OS releases.. which hopefully they have).
I've always just done things by the book.. I guess. :)

Your document explains how to import the CAs if required, but I didn't see how you'd bypass the requirement DCM gives you of having a matching
request. There's not mention of the error you would get stating the
matching request is required.

I've actually never tried to bypass this requirement of DCM, and I'm sure it is possible and would be required in some instances, especially when using a wildcard certificate.

Brad



On Sun, Dec 22, 2013 at 10:21 AM, Kevin Turner < kevin.turner@xxxxxxxxxxxxxxxxxxxx> wrote:

Sorry Brad, but that is not the case. You don't have to make the request
from DCM in order to be able to import it into DCM. For example, our
certificate covers several servers and domains, only one of which is
served from an IBMi. You can import any certificate from a trusted CA
into DCM regardless of where the request was created. What is true is
that DCM does not make it simple to do so - unlike Windows for
example. It can be a bit of a pain, but if you know what you are
doing you can do it. I went through the pain of importing a GoDaddy
certificate on our IBMi and documented the process here:

http://www.coraltreesystems.com/phpbb/viewtopic.php?f=4&t=1009&p=3684&;
hilit=godaddy#p3684




-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Bradley Stone
Sent: 22 December 2013 16:11
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] Self-Signed Certificates

Just to note, that process isn't complete.

You have to make a request first using DCM that you give to the
certificate provider. Then when you get it you import it.

It won't let you import a certificate without a request.

Also, you may need to import the CA(s) used by the certificate into
your *SYSTEM store first as well.

So the sequence is more like this:

1. Create a server certificate request using DCM 2. Give that to
your Certificate source (they will ask for it).
3. Import the certificate. Possibly importing the CAs used by the
certificate first if required.


On Fri, Dec 20, 2013 at 2:06 PM, Rich Loeber <rich@xxxxxxxxx> wrote:

Perfect!

Thanks. This makes my day.

Hope you have a wonderful Christmas celebration!

Rich



--------------------------------------------------------------------
--
----

On 12/20/2013 3:01 PM, Aaron Bartell wrote:

This is pretty good:
[1]
http://itquestions.com/questions/1155/how-to-install-a-digital-certi
fi
cate-on-the-iserie.html

Aaron Bartell


On Fri, Dec 20, 2013 at 1:51 PM, Rich Loeber [2]<rich@xxxxxxxxx> wrote:


Thanks Aaron .... is the installation process on the IBM i straight
forward?

Rich



--------------------------------------------------------------------
--
----

On 12/20/2013 2:49 PM, Aaron Bartell wrote:

There are very inexpensive trusted certificates you can buy. I've
bought
comodo in the past.

[1][3]https://comodosslstore.com/

Aaron Bartell


On Fri, Dec 20, 2013 at 1:46 PM, Rich Loeber
[2][4]<rich@xxxxxxxxx>
wrote:


I'm using an Apache server instance with HTTPS for an application
locally. I have secured it with a self-signed certificate that I
created
using DCM. The process works OK, but the first time a user
logs
into
the
site (we use FireFox here), they get a security warning that the
certificate is not from a trusted source. I know where the
certificate
came from, so I'm OK with this, but there are some users who
get
very
nervous when they see this exception message.

Is there any way around this issue without having to spend
money on
a
"trusted" certificate?

Rich Loeber - @richloeber
Kisco Information Systems
[1][3][5]http://www.kisco.com

References

Visible links
1. [4][6]http://www.kisco.com/
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: [[7]5]WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: [6][8]http://lists.midrange.com/mailman/listinfo/web400
or email: [[9]7]WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at [8][10]http://archive.midrange.com/web400.

References

Visible links
1. [11]https://comodosslstore.com/
2. [12]mailto:rich@xxxxxxxxx
3. [13]http://www.kisco.com/
4. [14]http://www.kisco.com/
5. [15]mailto:WEB400@xxxxxxxxxxxx
6. [16]http://lists.midrange.com/mailman/listinfo/web400
7. [17]mailto:WEB400-request@xxxxxxxxxxxx
8. [18]http://archive.midrange.com/web400
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: [19]WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: [20]http://lists.midrange.com/mailman/listinfo/web400
or email: [21]WEB400-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
[22]http://archive.midrange.com/web400.

References

Visible links
1.

http://itquestions.com/questions/1155/how-to-install-a-digital-certifi
cate-on-the-iserie.html
2. mailto:rich@xxxxxxxxx
3. https://comodosslstore.com/
4. mailto:rich@xxxxxxxxx
5. http://www.kisco.com/
6. http://www.kisco.com/
7. mailto:5]WEB400@xxxxxxxxxxxx
8. http://lists.midrange.com/mailman/listinfo/web400
9. mailto:7]WEB400-request@xxxxxxxxxxxx
10. http://archive.midrange.com/web400
11. https://comodosslstore.com/
12. mailto:rich@xxxxxxxxx
13. http://www.kisco.com/
14. http://www.kisco.com/
15. mailto:WEB400@xxxxxxxxxxxx
16. http://lists.midrange.com/mailman/listinfo/web400
17. mailto:WEB400-request@xxxxxxxxxxxx
18. http://archive.midrange.com/web400
19. mailto:WEB400@xxxxxxxxxxxx
20. http://lists.midrange.com/mailman/listinfo/web400
21. mailto:WEB400-request@xxxxxxxxxxxx
22. http://archive.midrange.com/web400
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.


NOTICE: The information in this electronic mail transmission is
intended by CoralTree Systems Ltd for the use of the named individuals
or entity to which it is directed and may contain information that is
privileged or otherwise confidential. If you have received this
electronic mail transmission in error, please delete it from your
system without copying or forwarding it, and notify the sender of the
error by reply email or by telephone, so that the sender's address records can be corrected.




----------------------------------------------------------------------
----------


CoralTree Systems Limited
Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton
Hampshire
SO15 2EA
VAT Registration Number 834 1020 74.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.


NOTICE: The information in this electronic mail transmission is intended by CoralTree Systems Ltd for the use of the named individuals or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone, so that the sender's address records can be corrected.



--------------------------------------------------------------------------------


CoralTree Systems Limited
Company Registration Number 5021022.
Registered Office:
12-14 Carlton Place
Southampton
Hampshire
SO15 2EA
VAT Registration Number 834 1020 74.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.