MIDRANGE dot COM Mailing List Archive




Re: setting up SSL on CGIDEV website




You need to create the request from DCM on your i.

I've not tried to import a server certificate that wasn't requested from
the machine itself. DCM, if I recall, expects you to match the request
with the new certificate.


On Sun, Dec 15, 2013 at 8:09 AM, Porterfield, Sean <
SPorterfield@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

For your purposes, I would say yes. There are multiple formats in use for
certificate files, but DCM should be able to read the .crt files you got.
You may need to do some extra work, though. Having used a PC program to
create the request, you will likely need to get the private key onto the
IBM i along with the CLIENTS.XETXW.COM.crt and any CA files required for
the trust chain. I have only used DCM with self-signed certificates
created on the system, so I can't say exactly what it will need. The
requirements and logic are cross platform, though - you need a private key
to decrypt the server key. Without that requirement, anyone would be able
to use your certificate and pretend to be your site.
--
Sean Porterfield
________________________________________
From: midrange-l-bounces@xxxxxxxxxxxx [midrange-l-bounces@xxxxxxxxxxxx]
on behalf of tim.dclinc@xxxxxxxxx [tim.dclinc@xxxxxxxxx]
Sent: Sunday, December 15, 2013 00:15
To: Midrange Systems Technical Discussion
Subject: Re: setting up SSL on CGIDEV website

I have a question regarding certificate files I generated and received.

I used an IBM PC program, "create new key and certificate request", to
generate a list of files:

certreq.arm
key.kdb
key.rdb

These files were given to Network Solutions by our networking guy. They
provided the following files back:

AddTrustExternalCARoot.crt
CLIENTS.XETXW.COM.crt
NetworkSolutions_CA.crt
UTNAddTrustServer_CA.crt

I read your documentation, but don't see any reference to .crt files. I
do see a reference to .cer files. Are they the same?

Thanks in advance.



The network guy provided me with a bunch of files ending in .crt.
On 12/13/2013 5:47 PM, Bradley Stone wrote:
DCM is the Digital Certificate Manager.

I have a section in my SSL documentation on how to work with it:

http://docs.bvstools.com/home/ssl-documentation

I'm sure there are many IBM resources available as well.


On Fri, Dec 13, 2013 at 3:09 PM, tim.dclinc@xxxxxxxxx
<tim.dclinc@xxxxxxxxx> wrote:

Thanks for the reply. Can you point me to where I can find out how to
access and use DCM? Never have.


On 12/13/2013 1:18 PM, Bradley Stone wrote:
In a nutshell...

1. Create a Certificate Request (server type) using DCM
2. Go to the site to get an SSL certificate and give them the request.
3. Using DCM, import the certificate (server type) into your *SYSTEM store.
4. Create an application ID in DCM and assign the certificate to it.
5. Modify your HTTP config files to use the application ID and tell it to
   listen on the port you want to use (Default SSL is 443)

LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
Listen xx.xx.xx.xx:443

<VirtualHost xx.xx.xx.xx:443>
SSLAppName APPID
SSLEngine On
SSLCacheDisable
</VirtualHost>





On Fri, Dec 13, 2013 at 8:28 AM, tim.dclinc@xxxxxxxxx
<tim.dclinc@xxxxxxxxx> wrote:

Our iSeries is hosting a CGIDEV HTTP website. We now need to set up SSL.
Does anyone have any documentation on this?

Thanks.
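
Added example, not part of the original thread or anyone's own code: .crt and .cer are both conventional extensions for X.509 certificates, and either may hold PEM (Base64 text) or DER (binary) data, so the file contents decide what you have. The function names and sample bytes below are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def der_sequence_length(data: bytes):
    """Total encoded length of an outer DER SEQUENCE, or None if data is not one."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:                          # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes):
    """Return (encoding, [der_blob, ...]) for the bytes of a .crt or .cer file."""
    blocks = PEM_RE.findall(data)
    if blocks:
        encoding = "PEM"
        try:
            ders = [base64.b64decode(b"".join(b.split())) for b in blocks]
        except ValueError:                    # malformed Base64 inside the armor
            return ("unknown", [])
    else:
        encoding, ders = "DER", [data]
    # Each blob must be exactly one complete SEQUENCE; otherwise reject the file.
    if any(der_sequence_length(d) != len(d) for d in ders):
        return ("unknown", [])
    return (encoding, ders)

# Constructed placeholder with the outer shape of a DER certificate (not a real one).
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(FAKE_DER)
            + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, content in [("server.cer", FAKE_DER), ("server.crt", FAKE_PEM),
                          ("chain.crt", FAKE_PEM + FAKE_PEM), ("notes.txt", b"hello")]:
        encoding, ders = classify(content)
        print(f"{name}: {encoding}, {len(ders)} certificate(s)")
```

A file holding several PEM blocks, such as a CA chain bundle, comes back as one DER blob per certificate.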






