When trying to connect to a new system (via File \ New IBM i System), and checking the SSL checkbox, the PerfNav user is presented with the following error:

Unable to signon or retrieve data. The actual error message is: [FireDAC][Phys][ODBC][IBM][System i Access ODBC Driver]Communication link failure. comm rc=25414 - CWBCO1050 - The IBM i server application certificate is not trusted

To solve this the user must tell the ODBC driver to trust their Certificate Authority.

Steps:

  1. At a Windows command line, type CWBCOSSL and press enter.
  2. Click OK in the About IBM i Access Certificate Authority Downloader window.
  3. If using a local Certificate Authority on one of your IBM i systems, use the first portion of the window (“If using a IBM i CA...”).
    1. Enter the IP address for that system in the field in the first section.

      Note: the IP address for your Certificate Authority may be different from the IP address of the system that you are trying to connect to.

    2. Click the Start CA download from... button.
    3. A window will open asking you to log in - use a profile with QSECOFR privileges.
    4. When asked if you’re sure you’d like to trust everything from this CA, click Yes.
    5. You’ll be prompted for the key database password (default password is ca400).
    6. If successful, you’ll see the message The Certificate Authority has been successfully stored in the PC key database with label: _IPaddress_.
  4. If you’re using a CA that is not local to one of your IBM i’s, you’ll use the second section, If using a CA from another source...
    1. Type a label for your CA in the field Certificate Authority text label, then click the Store CA from file... button to browse to your certificate file. Once you’ve found your file, click Open.
    2. When asked if you’re sure you’d like to trust everything from this CA, click Yes.
    3. You’ll be prompted for the key database password (default password is ca400).
    4. If successful, you’ll see the message The Certificate Authority has been successfully stored in the PC key database with label: _yourLabel_
  5. Test your ODBC SSL connection to the system you’re trying to connect to using the Windows command line (make sure Data Access and Security are successful).

    cwbping _ipAddress_ /ssl:1

  6. Restart Performance Navigator, go to File \ New IBM i System, and try your SSL connection again.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: November 05, 2020