On 4/5/2019 10:26 AM, Kurt Quackenbush wrote:
On 4/5/2019 9:18 AM, daverankin...@gmail.com wrote:
On Friday, April 5, 2019 at 1:56:19 PM UTC+1, Kurt Quackenbush wrote:
On 4/5/2019 6:50 AM, daverankin...@gmail.com wrote:
I have started to get errors when trying to use the Service download
SMP/E service on all my LPARs. I have checked all my Certificates
and the CA Global and user certs and all trusted and in date. These
worked only a few months ago.
I am getting this error.
GIM69207S ** RECEIVE PROCESSING HAS FAILED BECAUSE THE CONNECTION
WITH THE
SERVER FAILED. javax.net.ssl.SSLHandshakeException:
com.ibm.jsse2.util.h: PKIX path building failed:
java.security.cert.CertPathBuilderException:
PKIXCertPathBuilderImpl could not build a valid
CertPath.; internal
cause is:
java.security.cert.CertPathValidatorException: The
certificate issued by CN=DigiCert Glob
GIM20501I RECEIVE PROCESSING IS COMPLETE. THE HIGHEST RETURN CODE
WAS 12.
The DigiCert Global CA cert seems to be the issue but is valid until
2020.
Are you sure the DigiCert Global Root CA is connected to the keyring you
specified in <ORDERSERVER> for the RECEIVE ORDER command?
Try this to see which certs are in the keyring:
RACDCERT ID(ring-owner) LISTRING(keyringname)
Kurt Quackenbush -- IBM, SMP/E Development
Chuck Norris never uses CHECK when he applies PTFs.
Yep.
>SMPEORD<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------------- ------------ -------- -------
GeoTrust Global CA CERTAUTH CERTAUTH NO
SMPE Client Certificate ID(DJR) CERTAUTH NO
Ummmm, where? I don't see "DigiCert Global Root CA" in that keyring.
Kurt Quackenbush -- IBM, SMP/E Development
Chuck Norris never uses CHECK when he applies PTFs.
I should add, you have the old CA cert in your keyring. IBM stated last
year the IBM servers would start using the DigiCert Global Root CA
instead of the GeoTrust Global CA:
http://www.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/FLASH10884
It appears you haven't loaded the DigiCert Global Root CA yet. I think
about a month ago or so the IBM RECEIVE ORDER server made this change.
Kurt Quackenbush -- IBM, SMP/E Development
Chuck Norris never uses CHECK when he applies PTFs.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN