Donald - I really don't understand this whole certificate thing. And only working with them once every couple of years, I quickly forget what little bit I learned. However I was able to follow your logic about the certificates, root and intermediate. I added the intermediate cert and now I can connect with TLS. Still no joy trying to use AT-TTLS even with the corrected certs.
I give up on AT-TTLS. I'll come back to it one day when TLS no longer works.

On Mon, May 12, 2014 at 3:44 PM, Donald J. <dona...@4email.net> wrote:

> A GSK trace is most likely needed.
> Did you ever resolve the intermediate certificate issue I mentioned on
> my May 8 message?
>
> Your ftp.s390.mainline.com server certificate is issued by the GoDaddy
> intermediate cert:
> Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc.,
> OU=http://certificates.godaddy.com/repository, CN=Go Daddy Secure
> Certification Authority/
> serialNumber=07969287
>
> The GoDaddy intermediate cert above is issued by the root cert:
> Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2
> Certification Authority
>
> It appears you do not have the intermediate cert in the keyring at
> either end. If you have 100 clients and 1 server, it would be easier to
> put in the one server keystore. But you can probably put it in your
> z/OS client keystore instead.
>
> If you can't find it, you can download it from the 3rd cert
> (gd_intermediate.crt) on this page:
> https://certs.godaddy.com/anonymous/repository.pki
>
> --
> Donald J.
> dona...@4email.net
>
> > FC2903 authServerAttls: ioctl() failed on SIOCTTLSCTL - EDC8121I Connection reset. (errno2=0x77B17343)
> > EZA2897I Authentication negotiation failed
> > EZA1534I *** Control connection with 10.6.0.10 dies.
> >
> > If I read this right the 7343 part of the errno2 says that it expected a
> > secure response, but it was sent clear text.
> > I've tried
> > SECUREIMPLICITZOS both TRUE and FALSE - with true I don't see the 220-
> > messages, but still get the same error.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions

Mark D Pace
Senior Systems Engineer
Mainline Information Systems
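
The issuer chain described in the quoted message, as an added example that is not part of the original thread and is not System SSL or AT-TTLS code: it walks issuer links by DN through the certificates available in a keyring and names the CA certificate that is missing. It assumes DN matching only (no signature or validity checks); the `Cert` type, `build_chain` and the server subject DN are constructed for illustration.

```python
# Added example: models issuer-chain lookup by DN only (no signature checks).
from typing import List, NamedTuple, Optional, Tuple


class Cert(NamedTuple):
    subject: str
    issuer: str


# Issuer DNs as printed in the message above.
INTERMEDIATE_DN = ("C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., "
                   "OU=http://certificates.godaddy.com/repository, "
                   "CN=Go Daddy Secure Certification Authority/"
                   "serialNumber=07969287")
ROOT_DN = ("C=US, O=The Go Daddy Group, Inc., "
           "OU=Go Daddy Class 2 Certification Authority")

SERVER = Cert("CN=ftp.s390.mainline.com", INTERMEDIATE_DN)  # constructed subject
INTERMEDIATE = Cert(INTERMEDIATE_DN, ROOT_DN)
ROOT = Cert(ROOT_DN, ROOT_DN)  # self-signed: subject equals issuer


def build_chain(leaf: Cert, keyring: List[Cert]) -> Tuple[List[Cert], Optional[str]]:
    """Walk issuer links from leaf; return (chain, missing issuer DN or None)."""
    by_subject = {c.subject: c for c in keyring}
    chain, current, seen = [leaf], leaf, {leaf.subject}
    while current.subject != current.issuer:   # stop at a self-signed root
        parent = by_subject.get(current.issuer)
        if parent is None:
            return chain, current.issuer       # this CA cert must be added
        if parent.subject in seen:             # guard against cross-issued loops
            raise ValueError("issuer loop at " + parent.subject)
        seen.add(parent.subject)
        chain.append(parent)
        current = parent
    return chain, None


if __name__ == "__main__":
    cases = (("root only", [ROOT]), ("root + intermediate", [ROOT, INTERMEDIATE]))
    for name, ring in cases:
        chain, missing = build_chain(SERVER, ring)
        status = "complete" if missing is None else "missing: " + missing
        print(f"{name}: {len(chain)} cert(s), {status}")
```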