


Interesting again. I think for me, using Let's Encrypt was the fast path since the CA for Let's Encrypt is well known and has been in the Java keystore for quite some time (or maybe I added it long ago). So that may have led to an easier implementation for me.

Good write-up with helpful info.

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 1/17/2024 11:41 AM, Jack Woehr via MIDRANGE-L wrote:
GOT IT WORKING gasp pant phew.

1. I had to add the keystore password manually to /QIBM/UserData/OS/ADMININST/admin1/wlp/usr/servers/admin1/server.env
   - keystore_password=vad_som_helst

I don't know why I had to do this manually, but after I did this, Navigator
came up on 2003 with TLS.

BUT THEN I COULDN'T CONNECT TO THE SERVER FROM iNAVIGATOR! ARGH!

Here's what I discovered.

1. The instructions for using TLS to connect Navigator to the host server threads are here <https://www.ibm.com/docs/en/i/7.5?topic=options-setting-up-tls-encryption#rzat10tlsencryption__browser_conn_navigator>.
2. I had done this prior to setting up Navigator itself for TLS. << Don't do this!
3. When TLS is activated for the Navigator itself, apparently only then the setup for TLS->the host server threads used by iNavigator is activated!
4. The TLS setup for iNavigator itself *uses the DCM keystore*.
5. The TLS setup for iNavigator to connect to the host server threads *uses the Java keystore*.
6. Our setup has a self signed certificate whose self-signed CA is not in the Java keystore.
7. So when I activated TLS correctly (by manually adding the DCM keystore password to server.env) that activated the TLS connection to the host server threads, which *did not work* because the self-signed certificate (or its self-signed CA) is not in the Java keystore.

Anyway, I'm up and running now. Thanks everyone for the help and
encouragement!
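
The failure in point 7 of the quoted message comes down to whether the JVM's trust store contains the server certificate or the self-signed CA that issued it. The following is an added example, not code from the thread or from IBM, that checks this for a certificate exported to a file. The class name `TrustCheck`, the file argument, and the assumption that the connection in question uses the JVM's default trust store are all hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustCheck {
    // Returns the trust anchor that vouches for cert, or null if none does.
    // Only direct issuance by an anchor is checked (no intermediate CAs).
    static X509Certificate findAnchor(X509Certificate cert) throws GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = this JVM's default trust store (assumption: the one in use)
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate anchor : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (anchor.equals(cert)) return anchor; // the certificate itself is trusted
                if (!anchor.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
                try {
                    cert.verify(anchor.getPublicKey()); // signature really made by this anchor
                    return anchor;
                } catch (GeneralSecurityException e) { /* same name, different key: keep looking */ }
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustCheck <certificate-file>");
            System.exit(2);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Issuer : " + cert.getIssuerX500Principal());
        X509Certificate anchor = findAnchor(cert);
        if (anchor == null) {
            System.out.println("NOT TRUSTED: neither the certificate nor its issuer is in this JVM's trust store");
            System.exit(1);
        }
        System.out.println("Trusted via: " + anchor.getSubjectX500Principal());
    }
}
```

Run it with the same Java runtime and trust-store settings as the connection being diagnosed; a different JVM or a `javax.net.ssl.trustStore` override changes which store is consulted.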



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
