Normally you create a CSR first, then import the cert. I know a
couple on here have said they have imported certs without a request
but they never really explained how they did it. I would call IBM and
ask them for assistance, and report back the solution if you can.

There has to be a way to import without a CSR, since renewing SSL
certs is done all the time. Perhaps renewing should use the original
CSR? It doesn't appear so in this case.

I haven't needed to do this yet so I haven't really looked. I've
always just created a CSR from DCM first.


On Fri, Jul 21, 2017 at 6:51 AM, tim <iseriesstuff@xxxxxxxxx> wrote:
We are trying to renew an SSL cert provided by Network Solutions via DCM and
having some problems. Here is some info on the setup.

Certificate type: Server or client
Certificate store: *SYSTEM
Certificate store path and filename:
/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB

Certificate authority:
Certificate type: Certificate Authority (CA)
Certificate store: *SYSTEM
Network Solutions-Enabled
USER Trust RSA-Enabled
AddTrust-Enabled

I downloaded the zip file from Network Solutions that contained the
following files:
1. AddTrustExternalCARoot.crt
2. OV_USERTrustRSACertificationAuthority.crt
3. OV_NetworkSolutionsOVServerCA2.crt
4. CLIENT.BECLTD.COM.crt

I imported files 1-3 using type "Certificate Authority (CA)" and they worked
fine.

When I tried to import the last file as a type "Server or client", I get the
following error:
"No request key is found for the certificate. If you are trying to receive
the signed certificate, you must be using the same certificate store that
was used when the certificate was requested. If this is a CA certificate,
you should use the function for importing a CA."

Just for the fun of it I tried to import that last file using "Certificate
Authority (CA)" and it worked. But it should be of type "Server or client",
no?

This is the second year we are using Network Solutions for SSL. So we did
have a working SSL prior to me trying to renew.

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
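
The DCM error quoted above says the store holds no request key for the certificate being received. As an added example (not part of the thread, and run with the OpenSSL command line on a workstation rather than inside DCM), this script checks whether an issued certificate carries the same public key as a given CSR or private key; the file names and `*.example.test` subjects are constructed sample material.

```shell
#!/bin/sh
# Added example, not from the thread. All files are constructed in a temp dir.

# Print the SHA-256 of the public key held in a certificate, CSR or private key.
pubkey_fp() {  # $1 = cert|csr|key   $2 = PEM file
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable input must never hash as "empty"
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only when the certificate carries the same public key as the CSR/key.
cert_matches() {  # $1 = certificate   $2 = csr|key   $3 = CSR or key file
    want=$(pubkey_fp cert "$1") || return 1
    have=$(pubkey_fp "$2" "$3") || return 1
    [ "$want" = "$have" ]
}

# Build constructed samples: two key pairs, one CSR each, one cert for request A.
make_samples() {  # $1 = output directory
    for n in a b; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/$n.key" &&
        openssl req -new -key "$1/$n.key" -subj "/CN=$n.example.test" \
            -out "$1/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed stand-in for the CA-issued certificate answering request A.
    openssl x509 -req -in "$1/a.csr" -signkey "$1/a.key" -days 1 \
        -out "$1/a.crt" 2>/dev/null
}

dir=$(mktemp -d) && make_samples "$dir" && {
    cert_matches "$dir/a.crt" csr "$dir/a.csr" && echo "a.crt answers a.csr"
    cert_matches "$dir/a.crt" csr "$dir/b.csr" || echo "a.crt does not answer b.csr"
}
rm -rf "$dir"
```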

