Re: Batch FTP suddenly broken - could it be due to the new server certificate
I believe the certificate handshake comes ahead of the PASS request, so I *think* you have a password problem, not a certificate problem (on z/OS). You really need to straighten out the certificate problem. There is a reason the TLS protocol requires that the certificate and domain names match. Also passwords in batch jobs are kind of an audit no-no. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Support, DUNNIT SYSTEMS LTD. Sent: Sunday, November 18, 2018 3:20 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Batch FTP suddenly broken - could it be due to the new server certificate Hi all, We have a hosted domain which includes an FTP server. In the past, z/OS' batch FTP client's GETs and PUTs to our server worked just fine. Today, I started FileZilla client on Windows and when I logged in, got suddenly prompted by FileZilla client regarding an "UNKNOWN CERTIFICATE". Recently our web hosting company installed the certificate. In the FileZilla message window's "SESSION DETAILS" section, it states that the host name, our company's domain name, does not match the certificate's, which is the web hosting company's domain name. FileZilla offers an option to trust the certificate and carry on connecting. That was easy. I can continue working with the FileZilla client as always. Not so z/OS batch FTP. A simple batch request like the following fails: //INPUT DD * ftp..com us...@xxx.com password bin get FILEA 'FILEA.COPY' (REPLACE QUIT // The relevant messages are: EZA1701I >>> USER us...@.com 331 User us...@.com OK. Password required EZA1701I >>> PASS 530 Login authentication failed I triple-checked that the password used in FileZilla and in the batch job are exactly the same. So I am guessing that the failure is due to the certificate. This is not my area of expertise, to say the least. Is there an option on the z/OS side that basically says carry-on in spite of any certificate issues? Your pooled professional assistance appreciated as always. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Batch FTP suddenly broken - could it be due to the new server certificate
In article <4217648717106148.wa.supportdunnitsys@listserv.ua.edu> you wrote: > Hi all, > We have a hosted domain which includes an FTP server. In the past, z/OS' > batch FTP client's GETs and PUTs to our server worked just fine. Today, I > started FileZilla client on Windows and when I logged in, got suddenly > prompted by FileZilla client regarding an "UNKNOWN CERTIFICATE". Recently our > web hosting company installed the certificate. In the FileZilla message > window's "SESSION DETAILS" section, it states that the host name, our > company's domain name, does not match the certificate's, which is the web > hosting company's domain name. FileZilla offers an option to trust the > certificate and carry on connecting. That was easy. I can continue working > with the FileZilla client as always. > Not so z/OS batch FTP. A simple batch request like the following fails: > //INPUT DD * > ftp..com > us...@xxx.com password > bin > get FILEA 'FILEA.COPY' (REPLACE > QUIT > // > The relevant messages are: > EZA1701I >>> USER us...@.com > 331 User us...@.com OK. Password required > EZA1701I >>> PASS > 530 Login authentication failed > I triple-checked that the password used in FileZilla and in the batch job are > exactly the same. So I am guessing that the failure is due to the > certificate. This is not my area of expertise, to say the least. Is there an > option on the z/OS side that basically says carry-on in spite of any > certificate issues? Your pooled professional assistance appreciated as always. You could try having FTPDATA say "SECURE_FTP ALLOWED". I suppose if that doesn't work you could always do the work to get the certificate in your keyring. See: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.gim3000/gim3115s.htm -- Don Poitras - SAS Development - SAS Institute Inc. - SAS Campus Drive sas...@sas.com (919) 531-5637Cary, NC 27513 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Batch FTP suddenly broken - could it be due to the new server certificate
Hi all, We have a hosted domain which includes an FTP server. In the past, z/OS' batch FTP client's GETs and PUTs to our server worked just fine. Today, I started FileZilla client on Windows and when I logged in, got suddenly prompted by FileZilla client regarding an "UNKNOWN CERTIFICATE". Recently our web hosting company installed the certificate. In the FileZilla message window's "SESSION DETAILS" section, it states that the host name, our company's domain name, does not match the certificate's, which is the web hosting company's domain name. FileZilla offers an option to trust the certificate and carry on connecting. That was easy. I can continue working with the FileZilla client as always. Not so z/OS batch FTP. A simple batch request like the following fails: //INPUT DD * ftp..com us...@xxx.com password bin get FILEA 'FILEA.COPY' (REPLACE QUIT // The relevant messages are: EZA1701I >>> USER us...@.com 331 User us...@.com OK. Password required EZA1701I >>> PASS 530 Login authentication failed I triple-checked that the password used in FileZilla and in the batch job are exactly the same. So I am guessing that the failure is due to the certificate. This is not my area of expertise, to say the least. Is there an option on the z/OS side that basically says carry-on in spite of any certificate issues? Your pooled professional assistance appreciated as always. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
