Trying to turn on some DEBUG information DEBUG FLO FC1003 authServer: secure_socket_init failed with rc = 410 (SSL message format is incorrect)
So not to try to figure out where to find this error message. On Wed, May 7, 2014 at 10:19 AM, Mark Pace <[email protected]> wrote: > I remember setting up something very similar to connect to IBM. So I > added the GoDady cert to the same keyring. > > sr cla(digtring) > IBMUSER.smpemaint > *IBMUSER.FtpSecur * > IBMUSER.IBMRing > IBMUSER.SecureFTPKeyRing > IBMUSER.SMPEMAINT > TN3270.TNRING > *** > > > > racdcert id(ibmuser) listring(*FtpSecur*) > Digital ring information for user IBMUSER: > > Ring: > >FtpSecur< > Certificate Label Name Cert Owner USAGE DEFAULT > -------------------------------- ------------ -------- ------- > GeoTrust Global CA CERTAUTH CERTAUTH NO > * Go Daddy Class 2 CERTAUTH CERTAUTH YES* > > > So I added to my ftp.data > KEYRING IBMUSER/FtpSecur > > But that still isn't the final answer > > EZA2897I Authentication negotiation failed > EZA2898I Unable to successfully negotiate required authentication > EZA1735I Std Return Code = 10000, Error Code = 00017 > > > > On Wed, May 7, 2014 at 9:44 AM, Chase, John <[email protected]> wrote: > >> If you're authorized to issue RACF commands, try SR CLA(DIGTRING) to list >> defined key rings (format is userid.ringname), then RACDCERT ID(userid) >> LISTRING(ringname or *) to see the ring(s) contents. >> >> Also ensure that the root cert you're interested in has TRUST status >> (default is NOTRUST). >> >> -jc- >> >> > -----Original Message----- >> > From: IBM Mainframe Discussion List [mailto:[email protected]] >> On Behalf Of Mark Pace >> > Sent: Wednesday, May 07, 2014 8:34 AM >> > To: [email protected] >> > Subject: Re: z/OS FTPS Client & Linux FTP server >> > >> > The cipher was one of my early problems. But I figured that one out. >> > vsftpd - ssl_ciphers=RC4-SHA >> > z/OS - CIPHERSUITE SSL_RC4_SHA >> > >> > I'm certain that this Keyring is (part of) my problem. Stumbling >> through >> > RACF I have found that the GoDaddy Root CA is already defined in z/OS, >> but still trying to determine >> > if it is part of a keyring. >> > >> > >> > >> > On Wed, May 7, 2014 at 8:57 AM, Donald J. <[email protected]> wrote: >> > >> > > Make sure client and server have a common cipher. >> > > SSL_AES_128_SHA and SSL_AES_256_SHA are probably more commonly used >> > > than SSL_RC4_SHA. >> > > >> > > Make sure the linus root certificate is in your z/OS client keyring. >> > > >> > > -- >> > > Donald J. >> > > >> > > >> > > >> > > >> > > -- >> > > http://www.fastmail.fm - A no graphics, no pop-ups email service >> > > >> > > ---------------------------------------------------------------------- >> > > For IBM-MAIN subscribe / signoff / archive access instructions, send >> > > email to [email protected] with the message: INFO IBM-MAIN >> > > >> > >> > >> > >> > -- >> > The postings on this site are my own and don’t necessarily represent >> Mainline’s positions or opinions >> > >> > Mark D Pace >> > Senior Systems Engineer >> > Mainline Information Systems >> > >> > ---------------------------------------------------------------------- >> > For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to [email protected] >> > with the message: INFO IBM-MAIN >> >> ********************************************************************** >> Information contained in this e-mail message and in any attachments >> thereto is confidential. If you are not the intended recipient, please >> destroy this message, delete any copies held on your systems, notify the >> sender immediately, and refrain from using or disclosing all or any part of >> its content to any other person. >> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > > > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
