× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2016

RE: Feedback on EIM configuration using SSL

You must import the CA certificates that issued your SSL certificates into your *SYSTEM certificate store. Make sure you import as a CA and not regular certificate. If you are using the Certificate issued from the local CA on your iSeries, you will have to import it's CA certificate into your domain controllers and Kerberos server as a trusted root certificate.


Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Thursday, October 27, 2016 8:16 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Feedback on EIM configuration using SSL

We are working with a consultant to help us get EIM setup for single signon using Active Directory. Everything we do with Client Access we run as SSL. Our system name is as400adm.pct.edu when we setup the connection for Client Access. We also run Apache on this system and have it secured with a Verisign certificate. The certificate is registered as as400sec.pct.edu. We use to run the web server as as400adm.pct.edu and them added a secure site and used as400sec.pct.edu for that name. The Kerberos part of the setup for EIM appears to be working fine and testes our at qshell. We assigned our Verisign certificate to the LDAP server and EIM in DCM. Got Tivoli Directory setup to use SSL but EIM said it could not communicate with the Directory. Consultant thought it was probably due to the mismatch between the system name of as400adm.pct.edu and the certificate name of as400sec.pct.edu. We then tried to create a local CA and issue a certificate under the name as400adm.pct.edu and a
ssign that cert to LDAP Directory and EIM but still get an error that something is wrong with the certificate chain. We have another session with the consultant this afternoon and hope to get a ticket open with IBM for the same time but wanted to ask the group if anyone has ever done EIM setup using SSL and if you might have any tips for where we might look to resolve this.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.