RE: [LINUX5250] first SSL attempt in CVS!

["Sean Porterfield" <sporter@xxxxxxxxxxxx>]

>Scott
>
>I know very little about ssl, so where's the best place to read up
>on what's
>required to get this working. I've fallen at the first hurdle, as I don't
>know how to ssl-telnet enable the AS/400. I'm interested not just
>from a work
>point of view, but it would be nice to get a secure connection to
>NetShare400
>(assuming John Ross could get the necessary done at his end of the line).
>
>Regards, Martin

OK, I'm not Scott, but I have SSL-enabled my AS/400, so I'll give this a
shot.  First and foremost, you need SSL on the AS/400.  (At this point, of
course, I'm "ass-u-ming" that you have TCP/IP running!)  I belive it's
5769AC3 (or AC1 or AC2, but AC3 is 128 bit).

Then you need a certificate on the AS/400.  I used DCM (start your HTTP
admin server and point your browser to http://as400:2001 or use OpsNav, but
it takes you to the same place.)  I think AS/400 tech studio has all the
gory details.

If you don't want to purchase a certificate, you'll need to create your own
CA and self sign the cert.  You have to tell the AS/400 to trust your CA,
and all necessary servers to use your new cert.  This is all done in DCM.

There is an option in DCM to export your cert.  You'll want to use the
copy/pase method and save it to a file.  I've only used Client Access for
SSL so far, so I don't know what you do at this point in tn5250 (but you can
be sure I'm going to try after work!)  Sadly, I don't have Linux at work
right now (on the internal LAN that I can play with, that is.)

(I found the DCM stuff in Info Center
http://publib.boulder.ibm.com/html/as400/infocenter.html then "Internet and
Secure Networks" then "Digital certificate management")

Reply back if you have problems, and if anyone has tn5250-ssl related info.