Repeating the earlier msg.
Ok, so I am trying to use ATTLS for FTPS. My RECEIVEORDER log goes:
> /bin/ftp -e deliverycb-bld.dhe.ibm.com
Using 'GIBNEY.FTP.DATA' for local site configuration parameters.
Using //'TCPIP.STANDARD.TCPXLBIN' for FTP translation tables for the control connection.
Using //'TCPIP.STANDARD.TCPXLBIN' for FTP translation tables for the data connection.
IBM FTP CS V1R13
FTP: using TCPIP
FTP: EXIT has been set.
Using catalog '/usr/lib/nls/msg/C/ftpdmsg.cat' for FTP messages.
Connecting to: dispby-117.boulder.ibm.com 170.225.15.117 port: 21.
220-IBM's internal systems must only be used for conducting IBM's
220-business or for purposes authorized by IBM management.
220-
220-Use is subject to audit at any time by IBM management.
220-
220 dhebpcb01 secure FTP server ready.
15:19:59(000005BD.4) FC0255 ftpAuth: security values: mech=TLS, tlsmech=ATTLS, sFTP=A, sCC=C, sDC=P
15:19:59(000005BD.4) FC2704 ftpAuthAttls: No AT-TLS policy matched connection
Authentication negotiation failed
NAME (deliverycb-bld.dhe.ibm.com:GIBNEY):
> S042242j
>>> USER S042242j
The Geotrust cert is in my keyring:
RACDCERT ID(GIBNEY) listRING(FTPClientRing)
Digital ring information for user GIBNEY:
Ring:
>FTPClientRing<
Certificate Label Name            Cert Owner    USAGE     DEFAULT
--------------------------------  ------------  --------  -------
GeoTrust Global CA                CERTAUTH      CERTAUTH  NO
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]]
> On Behalf Of Jesse 1 Robinson
> Sent: Wednesday, March 09, 2016 4:38 PM
> To: [email protected]
> Subject: Re: (External):Re: IBM secure z/OS software delivery: Don't get locked out!
>
>
>
> .
> .
> .
> J.O.Skip Robinson
> Southern California Edison Company
> Electric Dragon Team Paddler
> SHARE MVS Program Co-Manager
> 323-715-0595 Mobile
> 626-302-7535 Office
> [email protected]
>
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]]
> On Behalf Of Gibney, David Allen
> Sent: Wednesday, March 09, 2016 2:46 PM
> To: [email protected]
> Subject: (External):Re: IBM secure z/OS software delivery: Don't get locked out!
>
> As noted in my reply a day or so ago, I am successfully submitting the
> RECEIVEORDER securely (at least I think I am, it fails when the certificate
> expires:)) But, then when it fires up FTPS to retrieve the package, the TLS
> (or AT-TLS) handshake fails.
>
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:[email protected]]
> > On Behalf Of Kurt Quackenbush
> > Sent: Wednesday, March 09, 2016 2:38 PM
> > To: [email protected]
> > Subject: Re: IBM secure z/OS software delivery: Don't get locked out!
> >
> > > ... I'm only mildly concerned about
> > > the keyring name, as we use a totally different name associated with
> > > SMP/E, not with Java. That keyring works fine today.
> >
> > If you're already downloading securely, then you can continue to use
> > your same keyring. My example in the article was simply that, an
> > example, which uses the default Java truststore instead of a security
> > manager (RACF) keyring:
> >
> > <CLIENT
> > downloadmethod="https"
> > downloadkeyring="javatruststore"
> > javahome="/usr/lpp/java/J6.0"
> > >
> > </CLIENT>
> >
> > I call this the "Fast Path" because for someone that is not already
> > downloading securely, then using HTTPS with the Java truststore is the
> > quickest and simplest choice because you don't need to mess around
> > with keyrings or a security manager product at all.
> >
> > If anyone is interested, more details can be found here:
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ibm.com_support_knowledgecenter_SSLTBW-5F2.2.0_com.ibm.zos.v2r1.gim3000_dsetups.htm&d=CwIDaQ&c=C3yme8gMkxg_ihJNXS06ZyWk4EJm8LdrrvxQb-Je7sw&r=u9g8rUevBoyCPAdo5sWE9w&m=vkv4CpLe_hygd7rNmto_QCrcBflG_YA6s0g2dvojUTE&s=K3EXMlACn-O47e9WLTyXIE2I_lbl-1mZlh3MS3oFSGo&e=
> >
> > Kurt Quackenbush -- IBM, SMP/E Development
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > email to [email protected] with the message: INFO IBM-MAIN