Yes, if you get them separately that works.

On Sun, May 7, 2023 at 5:06 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx> wrote:

OK - I just used copy/paste to create the individual certs.

Thanks for the help it is all working now.


Jon P.

On May 7, 2023, at 4:33 PM, Brad Stone <bvstone@xxxxxxxxx> wrote:

You export the CAs from your certificate. Import them from the highest
to
lowest, then import the CA. you can't do bundles, correct. That's why
you
export the CAs one at a time from the certificate.



On Sun, May 7, 2023 at 2:27 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx>
wrote:

There's no mention of a "bundle" there Brad that I can see and it talks
to
exporting when I need to import the CAs.

I ended up going back into my notes and finally found what I needed.
For
the sake of anyone who picks up this thread in future ...


The IBM DCM won't handle bundles. No idea why. You have to open the
bundle in a text editor and save off the individual certs contained
within
it. In my case two files.

You then have to import them in the order of precedence. In my case the
second one had to be imported first, then the first in the bundle. Don't
know if that is standard. Once both had been imported I could import my
own
cert and it all worked.

I realized that I had had part of this discussion last year on Midrange
and between what you said and the comments of the time plus my own
notes it
all came together.


Sigh ... I long for the day when all this can really be better
automated.
Or at least that a few of the cert issuers included IBM i in their
instructions.

Thanks to all - hopefully I'll remember all this next year!


Jon P.



On May 7, 2023, at 2:20 PM, Brad Stone <bvstone@xxxxxxxxx> wrote:

No, Jon. It's all there.



https://docs.bvstools.com/home/ssl-documentation/exporting-certificate-authorities-cas-from-a-website#exporting

Go to the section labeled "*Exporting Each Separate CA"*

On Sun, May 7, 2023 at 12:08 PM Jon Paris <jon.paris@xxxxxxxxxxxxxx>
wrote:

Thanks Brad but it doesn't really help.

I had already done everything up to and including the import. But the
import will not complete because of missing CAs. I _thought_ they
were
in
the .bundle file but I can find zero information on how to handle that
file
or indeed get the CAs any other way.


Jon P.

On May 6, 2023, at 5:02 PM, Brad Stone <bvstone@xxxxxxxxx> wrote:

Have DCM create the CSR.

Copy and paste the CSR into the site you're getting the certificate
from.

Once you have the cert, import it and assign it to your application.

You may need to also import a CA or two from the new cert if they're
not
there yet.

I have info here:
https://docs.bvstools.com/home/ssl-documentation

Article on this (needs to be updated to new DCM):



https://drive.google.com/file/d/1VxLX1ku7whPVIyetQLqpAYKE_VUFm4D_/view?usp=sharing



On Sat, May 6, 2023 at 11:17 AM Jon Paris <jon.paris@xxxxxxxxxxxxxx>
wrote:

I thought I had written all this down but ...

My main cert is expiring in a couple of weeks so I set everything up
and
ordered the new certs. So far so good.

I have the .crt uploaded but cannot for the life of me remember how
to
deploy the bundle so that I can activate the cert.

I have searched all over the IBM docs but cannot find anything
useful.

I am using the new DCM which while much better than the old one is
not
exactly intuitive.

Can someone point me to some simple documentation to take me through
this.


Jon P.

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.