IBM Mainframe Forum

Hi,

Has anyone been able to import a self-signed cert from GSKKYMAN to a Windows machine? Windows tells me that the import was successful, but I'm still not able to connect from Windows to z/OS FTPS.

Any ideas?

Thanks!

but I'm still not able to connect from Windows to z/OS FTPS.

unfortunately You did not post anything useful to start giving any advice.

Based upon what you have posted so far, I would start by looking at the IP address / DNS name you are using -- with no other starting point, the assumption must be that you cannot connect your Windows machine to the z/OS machine due to DNS or IP problems.

Sorry for being vague...

I am able to connect from the Windows FTP client to the z/OS FTPS server but I get the following error message:

Command: AUTH TLS
Response: 234 Security environment established - ready for negotiation
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server

It looks seems to be that the certificate isn't correct. Or am I missing another step? I exported the key in GSKKYMAN, downloaded it on the Windows client, imported it using MMC.

Going from z/OS client to z/OS server works perfectly. No issues.

And the people who really can help you (your networking group) say...?

Thanks for the responses.

I do not think this is a network issue, it may be an understanding of what type of encoding that works for a MS Windows platform issue. The reason why it may not be an issue is because, the connectivity is made, however the certificate handshake fails. There is a successful handshake with another z/OS system, but not one with Windows client.

Just to update this...

I found the issue to be that the SITE certificate was not signed by the CA Certificate. This caused for a mismatch in the certificates during authentication negotiations.