× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



so Jack, just ran your PASE command and it did produce the certificate but
the info does not match the certificate info i copied from within DCM when
I setup the certificate (though not saying it is supposed to)... is your
PASE method independent of what I did in DCM? Where did this certificate
in PASE get generated from?

Jay

On Tue, Apr 28, 2020 at 10:48 AM Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:

well cool! - ok told you i was a newb... BUT, i never did mention "giving
anyone the private key"... I said public key.

anyhow, sounds like that may be a moot point... so I am going to follow
your guidance here because the ONLY thing i want to do via browser (or gui
tool) is to test my api consumption using postman.

though ultimately yes, this will not be for a browser, but for an external
biz partner to consume an API.

Jack as always, thanks for the "bail out"... let me run with your
suggestion.

Jay

On Tue, Apr 28, 2020 at 10:34 AM Jack Woehr <
jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Tue, Apr 28, 2020 at 8:23 AM Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:



Objective: create ssl http server, create certificate, export off
iSeries
to any off platform calls into the server via http.


First thing: If Postman wants a key file, whoa, you're off into the wrong
process. You never give an https client your private key.

Next:

- As I understand it, you want clients to reach your IBM i via HTTPS.
- You don't have a public CA associated with your self-signed cert, so
you're trying to provide clients with a copy of your cert to add to
their
store.

If this is the case, anyone with a reasonable browser can just contact you
via HTTPS, get the ugly warning message, and tell their browser to accept
the self-signed cert.

If this is not a browser but some automated process that wants to contact
the i via HTTPS, then you can easily grab the self-signed cert to add to
their keystore.

From a linux box or from the IBM i itself in PASE:

openssl s_client -connect *myIBMiOrIPAddr:443*

Highlight the cert with your mouse including the BEGIN and END lines and
email it to your business partner.

--
Jack Woehr
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you received
this communication in error, please contact the sender and delete/destroy
all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.