


Greetings all!  I'm back on certificates trying to make telnet more secure.
We currently only allow SSL connections that provide a valid certificate.
DCM has been told to only trust certificates signed by it.

My original plan was to parse the certificate in the telnet exit point and
check for a valid, enabled user.  I constantly got "CPF227B Certificate not
correct for specified type." which could mean an error in my program or
could mean QsyParseCertificate can't read the certificate from the telnet
server.

In either case, I've been informed that's not good enough.  Not only do we
need to be able to disallow remote access for users who are not disabled, we
also need to be able to disallow a particular certificate (for example, it
could have been compromised.)

My mind immediately jumps to CRL at that point.  I downloaded the Redbook:
IBM eserver iSeries Wired Network Security OS/400 V5R1 DCM and Cryptography
Enhancements.  It describes how to configure the LDAP server, how to assign
CA to CRL to LDAP as far as checking the CRL.

What I can't figure out is how to actually GET the CRL from DCM to publish
on the LDAP server.  The book keeps saying to contact the CA to find their
CRL.  I've contacted myself repeatedly but haven't received an answer :)
Anyone know if/how the DCM creates the CRL to be published?


Sean Porterfield
Best Distributing Co.



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
