Q

Setting up secure FTP

With V5R2 (latest PTFs) we are trying to setup secure FTP to our bank, but have had no success with the certificates and certificate authorities. The bank has put us in touch with another of their clients, who is having the same problem. The bank has also indicated that other iSeries FTP attempts have also been unsuccessful, with many giving up and connecting with other methods.

At least in our case, we cannot get by the "-23 Certificate is not signed by a trusted certificate authority" error when attempting a secure connection. What are we missing?

It sounds like the signer (that is, the Certificate Authority (CA) or certificate issuer) is not in the list of "Trusted signers". In other words, when the certificate is being verified, the verifier does not trust the CA that issued the certificates. To understand what needs to be fixed, you need to determine who is verifying who. In an SSL connection, the client will always verify the server. The client is the system initiating the connection. The server is the system being connected to. Optionally, you can configure the connection to require client authentication. In this case, the server verifies the client. Either the server is presenting a digital certificate issued by a CA that is not recognized by the client or vice versa. To fix the problem, you need to get the CA's root certificate in the verifier's list of CAs that it recognizes and trusts.

==================================
MORE INFORMATION ON THIS TOPIC
==================================

The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

This was first published in May 2004

Dig deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchEnterpriseLinux

SearchDataCenter

Close