|
Home > Archive > WebSphere HTTP Server > February 2004 > iSeries and SSL Certificates using Digital Certificate Manager
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
iSeries and SSL Certificates using Digital Certificate Manager
|
|
|
| Hello,
A problem has occured (after an IPL) in that the iSeries complained
that the certificate we are using is not valid (although the validity
period starts 2003 and ends 2005! the date on the iSeries looks fine).
The log shows error code 3021 and rc -24.
I have the following question. Is it possible to delete a certificate
from the DCM and then re-import the same certificate it using the
signed key. I've tried this and it complains that it can't find the
request key. Does this mean I will need to generate a new request key
and pay to have it signed again?
Also the Verisign CA has the same problem, the iSeries thinks it's not
valid although it looks fine.
Very confusing,
Cheers
| |
|
| Just incase anyone is interested, I've found what was causing this...
it was the verisign class 2 + class 3 CA certificates that had expired
(on 7th Jan 2004). This was causing my certificates (and others) to
fail validation. I've downloaded and installed new CA certificates and
all is well.
Now why couldn't it have told me that was the problem in the first
place?
owen_was_certified@yahoo.co.uk (Owen) wrote in message news:<6a18634d.0402090922.6809c7e8@posting.google.com>...
> Hello,
>
> A problem has occured (after an IPL) in that the iSeries complained
> that the certificate we are using is not valid (although the validity
> period starts 2003 and ends 2005! the date on the iSeries looks fine).
> The log shows error code 3021 and rc -24.
>
> I have the following question. Is it possible to delete a certificate
> from the DCM and then re-import the same certificate it using the
> signed key. I've tried this and it complains that it can't find the
> request key. Does this mean I will need to generate a new request key
> and pay to have it signed again?
>
> Also the Verisign CA has the same problem, the iSeries thinks it's not
> valid although it looks fine.
>
> Very confusing,
>
> Cheers
|
|
|
|
|