RE: iSeries Access for MS-Windows -- MIDRANGE-L

SSL client certificate is not required unless you configured the server to require it. IA requires the server certificate to be trusted. Other clients like tn5250 can connect without trusting the certificate.
--
Sean Porterfield

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Alfredo Delgado
Sent: Sunday, March 22, 2009 17:34
To: Midrange Systems Technical Discussion
Subject: Re: iSeries Access for MS-Windows

I reused one of the certs I bought for a web site so it is signed by a trusted Certificate Authority as far as web browsers are concerned. I ask about a "Client Certificate" in the context of client authentication which I presently have set to "not required."

Is there a concise resource on what goes where locally for iSeries Access for MS-Windows? For tn5250 I didn't have to do anything other than select SSL when making the connection. The only configuration I've done was assign a cert to the telnet application in the DCM.

Alfred

On Sun, Mar 22, 2009 at 14:29, Pete Helgren <Pete@xxxxxxxxxx> wrote:

The way I understand it, if you are using SSL and CA is not recognized
by the application, then you either download the certificate locally
or you don't connect. I am not aware of an SSL connection without a
client certificate. SSL is based on the exchange of certificate information.

Could be that the CA that issued the certificate for the Telnet server
is already "known" by the client so the security warning and the
necessary download of the certificate doesn't occur (issued by Network
Solutions, GoDaddy, Thawt or many others). So that is why you may not
be prompted for anything while negotiating a connection using tn5250.
The same would apply to IA as well. My guess is that there is
something else going on causing the error on IA. But, it is just a guess.

Pete

Alfredo Delgado wrote:

Is iSeries Access for MS-Windows able to make SSL connections
without

having

a client certificate?

I ask because I can start encrypted 5250 sessions with tn5250 on my
phone and a friend confirmed he could connect from his slackware workstation.
However, when I try to connect with iSeries Access for MS-Windows I
get
'25406 - An IO error occurred on a data read or write.'

Thanks,
Alfred

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

--
Alfredo Delgado / Web Development
6800 Broken Sound Pkwy; Suite 150
Boca Raton, Florida 33487
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.