FYI, Not sure when it last worked for you, but in 2018 IBM did change the CA cert requirements - http://www-03.ibm.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006d2e0a/bdee3c698260c970852582170066c99f/$FILE/New%20Certificate%20Authority.pdf
_____________________________________________________________________________________________________ Dave Jousma AVP | Manager, Systems Engineering Fifth Third Bank | 1830 East Paris Ave, SE | MD RSCB2H | Grand Rapids, MI 49546 616.653.8429 | fax: 616.653.2717 -----Original Message----- From: Jousma, David Sent: Friday, September 6, 2019 12:18 PM To: 'IBM Mainframe Discussion List' <[email protected]> Subject: RE: Grrr SMP/E receive problem Rob, Do you have these keys on your keyring besides your Shopz one? Pretty sure both the DIGIcert Global Root CA and the GeoTrust are needed. KEYRING LABEL = SMPE_USER_KEYRING KEYRING HAS THE FOLLOWING CERTIFICATES CONNECTED: ACID(CERTAUTH) DIGICERT(DigiGRCA) DEFAULT(NO ) USAGE(CERTAUTH) LABLCERT(DigiCert Global Root CA ) ACID(CERTAUTH) DIGICERT(GeoTrst2) DEFAULT(NO ) USAGE(CERTAUTH) LABLCERT(GeoTrust Global CA ) ACID(xxxxxxxx ) DIGICERT(Shopz ) DEFAULT(NO ) USAGE(CERTAUTH) LABLCERT(Shopz ) For the SSL handshake for FTP download (vs HTTPS) I use the certs that come prepackaged in java for that. downloadmethod="ftp" downloadkeyring="javatruststore"> _____________________________________________________________________________________________________ Dave Jousma AVP | Manager, Systems Engineering Fifth Third Bank | 1830 East Paris Ave, SE | MD RSCB2H | Grand Rapids, MI 49546 616.653.8429 | fax: 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Rob Schramm Sent: Friday, September 6, 2019 12:08 PM To: [email protected] Subject: Re: Grrr SMP/E receive problem **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** Kurt, Many many times. It is always the same. I have been trying setting up my own shopz cert after the prior cert expired. I just assumed it was my setup. I am thinking about running a gsksrvr trace because the message is so unhelpful. Rob Schramm On Fri, Sep 6, 2019, 08:00 Kurt Quackenbush <[email protected]> wrote: > On 9/5/2019 4:33 PM, Rob Schramm wrote: > > > GIM69207S ** RECEIVE PROCESSING HAS FAILED BECAUSE THE CONNECTION > > WITH THE SERVER FAILED. javax.net.ssl.SSLHandshakeException: > > > > com.ibm.jsse2.util.h: PKIX path building failed: > > > > java.security.cert.CertPathBuilderException: > > > > PKIXCertPathBuilderImpl could not build a valid CertPath.; internal > > > > cause is: java.security.cert.CertPathValidatorException: The > > > > certificate issued by EMAILADDRESS=sup > That looks like a server issue. The identified certificate in the > SSLHandshakeException is the Server's certificate, not yours. So for > some reason at the moment you tried to connect to the server it was > not using the correct certificate. I can't explain this. > > Have you tried again? The server seems to working properly for me at > the moment. > > Kurt Quackenbush -- IBM, SMP/E Development Chuck Norris never uses > CHECK when he applies PTFs. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL** **DO NOT open attachments or click on links from unknown senders or unexpected emails** This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
