My notes from 2012 on how I import certificates that are not created via a CSR: http://www.coraltreesystems.com/phpbb/viewtopic.php?f=4&t=1009&hilit=ssl





[https://www.netcracker.com/assets/img/netcracker-social-final.png] ƕ
-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Bradley Stone
Sent: 21 July 2017 13:55
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] Installing SSL cert from network solutions via DCM issue

[External Email]
________________________________



Normally you create a CSR first, then import the cert. I know a couple on here have said they have imported certs without a request but they never really explained how they did it. I would call IBM and ask them for assistance, and report back the solution if you can.

There has to be a way to import with out a CSR since renewing of SSL certs is done all the time. Perhaps renewing should use the original CSR? It doesn't appear so in this case.

I haven't needed to do this yet so I haven't really looked. I've always just created a CSR from DCM first.


On Fri, Jul 21, 2017 at 6:51 AM, tim <iseriesstuff@xxxxxxxxx> wrote:
We are trying to renew ssl cert provided by network solutions via DCM
and having some problems. Here is some info on setup.

Certificate type: Server or client
Certificate store: *SYSTEM
Certificate store path and filename:
/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KDB

Certificate authority:
Certificate type: Certificate Authority (CA) Certificate store:
*SYSTEM
Network Solutions-Enabled
USER Trust RSA-Enabled
AddTrust-Enabled

I downloaded the zip file from network solutions that contained the
following files:
1. AddTrustExternalCARoot.crt
2. OV_USERTrustRSACertificationAuthority.crt
3. OV_NetworkSolutionsOVServerCA2.crt
4. CLIENT.BECLTD.COM.crt

I imported files 1-3 using type "Certificate Authority (CA)" and they
worked fine.

When i tried to import the last file as a type "Server or client", i
get the following error:
"No request key is found for the certificate. If you are trying to
receive the signed certificate, you must be using the same certificate
store that was used when the certificate was requested. If this is a
CA certificate, you should use the function for importing a CA."

Just for the fun of it i tried to import that last file using
"Certificate Authority (CA)" and it worked. But it should be of type
"Server or client", no?

This is the second year we are using Network Solutions for SSL. So we
did have a working SSL prior to me trying to renew.

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing list To post a message email: WEB400@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.




________________________________
The information transmitted herein is intended only for the person or entity to which it is addressed and may contain confidential, proprietary and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.