These are not self signed certs. It was issued by Go Daddy. Why I was trying to add the Root authority certificate, and failed. Still researching what FC level vsftpd uses for TLS No firewalls involved, at least for this test. This a hipersocket connection between z/OS and a Linux for System running on the same CEC.
Now off to try to figure out GSKSRVR. On Wed, May 7, 2014 at 12:56 PM, Rob Schramm <[email protected]> wrote: > It is definitely TLS and not ATTLS. > > GSKSRVR trace is your friend. > > Biggest issues that i have had > -Self signed certs are not allowed courtesy of TLS 1.0 > -RFC level is very important!!! > -Firewalls and extended pasv are not supported by many clients > > Rob > On May 7, 2014 11:51 AM, "Mark Pace" <[email protected]> wrote: > > > Crap - I've gotten myself so confused. > > That was a client certificate I put in many years ago when we did SSL on > > our TN3270 connections. I think I still need to add the Go Daddy root > > certificate, which what I thought that one was. How I hate this stuff. > > > > > > On Wed, May 7, 2014 at 11:43 AM, Donald J. <[email protected]> wrote: > > > > > The DEFAULT YES would be used for a client certificate, > > > not for a CERTAUTH entry. > > > > > > -- > > > Donald J. > > > > > > > Digital ring information for user IBMUSER: > > > > > > > > Ring: > > > > >FtpSecur< > > > > Certificate Label Name Cert Owner USAGE > DEFAULT > > > > -------------------------------- ------------ -------- > ------- > > > > GeoTrust Global CA CERTAUTH CERTAUTH NO > > > > * Go Daddy Class 2 CERTAUTH CERTAUTH > YES* > > > > > > > > > > -- > > > http://www.fastmail.fm - mmm... Fastmail... > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > > > > > > -- > > The postings on this site are my own and don’t necessarily represent > > Mainline’s positions or opinions > > > > Mark D Pace > > Senior Systems Engineer > > Mainline Information Systems > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
