I remember setting up something very similar to connect to IBM. So I
added the GoDady cert to the same keyring.
sr cla(digtring)
IBMUSER.smpemaint
*IBMUSER.FtpSecur *
IBMUSER.IBMRing
IBMUSER.SecureFTPKeyRing
IBMUSER.SMPEMAINT
TN3270.TNRING
***
racdcert id(ibmuser) listring(*FtpSecur*)
Digital ring information for user IBMUSER:
Ring:
>FtpSecur<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------------- ------------ -------- -------
GeoTrust Global CA CERTAUTH CERTAUTH NO
* Go Daddy Class 2 CERTAUTH CERTAUTH YES*
So I added to my ftp.data
KEYRING IBMUSER/FtpSecur
But that still isn't the final answer
EZA2897I Authentication negotiation failed
EZA2898I Unable to successfully negotiate required authentication
EZA1735I Std Return Code = 10000, Error Code = 00017
On Wed, May 7, 2014 at 9:44 AM, Chase, John <[email protected]> wrote:
> If you're authorized to issue RACF commands, try SR CLA(DIGTRING) to list
> defined key rings (format is userid.ringname), then RACDCERT ID(userid)
> LISTRING(ringname or *) to see the ring(s) contents.
>
> Also ensure that the root cert you're interested in has TRUST status
> (default is NOTRUST).
>
> -jc-
>
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:[email protected]]
> On Behalf Of Mark Pace
> > Sent: Wednesday, May 07, 2014 8:34 AM
> > To: [email protected]
> > Subject: Re: z/OS FTPS Client & Linux FTP server
> >
> > The cipher was one of my early problems. But I figured that one out.
> > vsftpd - ssl_ciphers=RC4-SHA
> > z/OS - CIPHERSUITE SSL_RC4_SHA
> >
> > I'm certain that this Keyring is (part of) my problem. Stumbling
> through
> > RACF I have found that the GoDaddy Root CA is already defined in z/OS,
> but still trying to determine
> > if it is part of a keyring.
> >
> >
> >
> > On Wed, May 7, 2014 at 8:57 AM, Donald J. <[email protected]> wrote:
> >
> > > Make sure client and server have a common cipher.
> > > SSL_AES_128_SHA and SSL_AES_256_SHA are probably more commonly used
> > > than SSL_RC4_SHA.
> > >
> > > Make sure the linus root certificate is in your z/OS client keyring.
> > >
> > > --
> > > Donald J.
> > >
> > >
> > >
> > >
> > > --
> > > http://www.fastmail.fm - A no graphics, no pop-ups email service
> > >
> > > ----------------------------------------------------------------------
> > > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > > email to [email protected] with the message: INFO IBM-MAIN
> > >
> >
> >
> >
> > --
> > The postings on this site are my own and don’t necessarily represent
> Mainline’s positions or opinions
> >
> > Mark D Pace
> > Senior Systems Engineer
> > Mainline Information Systems
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to [email protected]
> > with the message: INFO IBM-MAIN
>
> **********************************************************************
> Information contained in this e-mail message and in any attachments
> thereto is confidential. If you are not the intended recipient, please
> destroy this message, delete any copies held on your systems, notify the
> sender immediately, and refrain from using or disclosing all or any part of
> its content to any other person.
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
--
The postings on this site are my own and don’t necessarily represent
Mainline’s positions or opinions
Mark D Pace
Senior Systems Engineer
Mainline Information Systems
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
