MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » July 2002

Re: Problem with SSL



fixed

Hi,

The reason that it "just sits there" when you try to connect to port 2001,
is because that's the regular (non-SSL) port.  It's connected, and trying
to enable SSL, but since that port doesn't do SSL, nothing happens.

As for why port 2010 doesn't work, I'd try narrowing down the problem
a bit.

1)  Check if the SSL enabled *ADMIN server is even running.   Do a
      NETSTAT *CNN from your as/400, and see if there's anything
      listening on port 2010.  If not, it's not running.  Check
      QSYSOPR for messages, and also check the spool for job logs
      that might be related.

2)  See if you can connect from the LAN.  If you can connect from
      the LAN, then the server is working properly, and the
      problem is a firewall/routing/NAT issue.

3)  If the LAN works, and you're using NAT, you might need to make
      sure that the domain name from teh outside is the same as
      the domain name from the inside.   It's possible that the name
      you're connecting as doesn't match the name on the certificate,
      which might cause SSL to think somethings wrong.

Hope that helps...


On Tue, 16 Jul 2002, Justin Houchin wrote:
>
> Hi Everyone,
>             I am trying to get a secure connection to my *ADMIN Server
> Instance. I have my test system certificate installed from VeriSign. I
> have gone into the "Security configuration" and setup the SSL
> connection, SSL Port 2010, SSl Client Authentication-Optional. I have
> gone into the Digital Certificate Manager and did a "work with secure
> applications". I assigned my VeriSign certificate to
> QIBM_HTTP_SERVER_ADMIN. I shutdown and restarted the *admin server
> instance. I downloaded the test CA certificate to my web browser from
> VeriSign. I pass port 2001 and port 2010 through the firewall to the
> 400. I connect to my home computer using PcAnywhere to simulate being on
> a machine outside of the firewall. I pull up a web browser and type
> https://www.reliatek.com:2001...the
> <https://www.reliatek.com:2001...the/>  machine sits there like it is
> trying to load. I check the netstat on the 400 and it shows
> 24.216.***.**    2035       as-admi >  000:00:06  Established, but
> nothing happens. When I type in https://www.reliatek.com:2010
> <https://www.reliatek.com:2010/> , it says page cannot be displayed. Any
> Suggestions????
>
>







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact