On Thu, 20 Sep 2012 14:02:29 -0400, Kurt Quackenbush <[email protected]> wrote:
>> Our firewall guys tried a couple different things, and I guess we >> made some "progress": Now the failure is "FC0994 authServer: >> secure_socket_init failed with rc = 8 (Certificate validation >> error)". > >You need the GeoTrust Global CA certificate >(https://www.geotrust.com/resources/root-certificates/index.html) in the >keyring used by the ftp client. That's the CA that signed the FTP >server's cert and is required for the SSL handshake. THANK YOU, SIR!! "NOW we're cooking with gas." Successfully completed the SSL handshake. Now all that remains is to get the last tidbit of error data to our firewall guys so they can allow the "private" (encrypted) data connection, and we should be "in business". >> Time to call Shopz Support, since we're trying to use the certificate >> they issued. The certificate works fine for RECEIVE ORDER over a >> non-SSL connection. > >I'm not sure what you mean when you say "the cert works fine for RECEIVE >ORDER over a non-SSL connection." Which cert are you talking about? >The client certificate generated by Shopz? That's not used for the SSL >handshake at all. The generated client cert is used simply to carry >unique identifying information to the server, such as IBM customer number. That was a "grasping at straws" gesture, based (partly) on the "ass.u.mption" that the CA that signed our client cert ("Equifax Secure CA") would be the same CA that signed IBM's server cert. WNORG! It did seem "odd" specifying a "personal" key ring given that the connectivity test JCL included user and password commands, which seem superfluous if authenticating with a certificate. By chance, does the ECuRep server (where we upload PMR documentation) require the GeoTrust Global CA as well? I've had similar "fun" trying th test an SSL connection there, too. Thanks, -jc- ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
