I spoke too soon!
I've followed the steps on the flash, and my RACF database shows: -
Label:DigiCert Global Root CA
Certificate ID:2QiJmZmDhZmjgcSJh4nDhZmjQMeTloKBk0DZlpajQMPB
Status:TRUST
Start Date:2006/11/10 00:30:00
End Date: 2031/11/10 00:30:00
Serial Number:083BE056904246B1A1756AC95991C74A
Issuer's Name:CN=DigiCert Global Root CA.OU=www.digicert.com.O=DigiCert
Inc.C=US
I've added it to the keyring we use for smp/e recieves: -
Ring:
FtpSecur
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------------- ----------- -------- --------
GeoTrust Global CA CERTAUTH CERTAUTH YES
DigiCert Global Root CA CERTAUTH CERTAUTH NO
I've refreshed DIGTCERT & DIGTRING - but my recieve still fails, telling me the
certificate isn't trusted: -
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building
failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl
could not build a valid CertPath.;
internal cause is: java.security.cert.CertPathValidatorException:
The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com,
O=DigiCert Inc, C=US is not trusted;
What have I missed?
TIA
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
