I remember setting up something very similar to connect to IBM.   So I
added the GoDady cert to the same keyring.

sr cla(digtring)
IBMUSER.smpemaint
*IBMUSER.FtpSecur *
IBMUSER.IBMRing
IBMUSER.SecureFTPKeyRing
IBMUSER.SMPEMAINT
TN3270.TNRING
***



racdcert id(ibmuser) listring(*FtpSecur*)
Digital ring information for user IBMUSER:

  Ring:
       >FtpSecur<
  Certificate Label Name             Cert Owner     USAGE      DEFAULT
  --------------------------------   ------------   --------   -------
  GeoTrust Global CA                 CERTAUTH       CERTAUTH     NO
 * Go Daddy Class 2                   CERTAUTH       CERTAUTH     YES*

So I added to my ftp.data
KEYRING          IBMUSER/FtpSecur

But that still isn't the final answer
EZA2897I Authentication negotiation failed
EZA2898I Unable to successfully negotiate required authentication
EZA1735I Std Return Code = 10000, Error Code = 00017



On Wed, May 7, 2014 at 9:44 AM, Chase, John <[email protected]> wrote:

> If you're authorized to issue RACF commands, try SR CLA(DIGTRING) to list
> defined key rings (format is userid.ringname), then RACDCERT ID(userid)
> LISTRING(ringname or *) to see the ring(s) contents.
>
> Also ensure that the root cert you're interested in has TRUST status
> (default is NOTRUST).
>
>   -jc-
>
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:[email protected]]
> On Behalf Of Mark Pace
> > Sent: Wednesday, May 07, 2014 8:34 AM
> > To: [email protected]
> > Subject: Re: z/OS FTPS Client & Linux FTP server
> >
> > The cipher was one of my early problems.  But I figured that one out.
> > vsftpd -  ssl_ciphers=RC4-SHA
> > z/OS - CIPHERSUITE SSL_RC4_SHA
> >
> > I'm certain that this Keyring  is (part of) my problem.   Stumbling
> through
> > RACF I have found that the GoDaddy Root CA is already defined in z/OS,
> but still trying to determine
> > if it is part of a keyring.
> >
> >
> >
> > On Wed, May 7, 2014 at 8:57 AM, Donald J. <[email protected]> wrote:
> >
> > > Make sure client and server have a common cipher.
> > > SSL_AES_128_SHA and SSL_AES_256_SHA are probably more commonly used
> > > than SSL_RC4_SHA.
> > >
> > > Make sure the linus root certificate is in your z/OS client keyring.
> > >
> > > --
> > >   Donald J.
> > >
> > >
> > >
> > >
> > > --
> > > http://www.fastmail.fm - A no graphics, no pop-ups email service
> > >
> > > ----------------------------------------------------------------------
> > > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > > email to [email protected] with the message: INFO IBM-MAIN
> > >
> >
> >
> >
> > --
> > The postings on this site are my own and don’t necessarily represent
> Mainline’s positions or opinions
> >
> > Mark D Pace
> > Senior Systems Engineer
> > Mainline Information Systems
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to [email protected]
> > with the message: INFO IBM-MAIN
>
> **********************************************************************
> Information contained in this e-mail message and in any attachments
> thereto is confidential. If you are not the intended recipient, please
> destroy this message, delete any copies held on your systems, notify the
> sender immediately, and refrain from using or disclosing all or any part of
> its content to any other person.
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>



-- 
The postings on this site are my own and don’t necessarily represent
Mainline’s positions or opinions

Mark D Pace
Senior Systems Engineer
Mainline Information Systems

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to