|
I don't have a better check list but have been there. You can't install SSL unless you have 57xx-AC3 installed. Your CAE setup won't include SSL unless your signon has authority to the SSL directory. If you have created your own Certificate Authority... After you do the DCM to create the certificate, assign it to the servers (you need more than just Telnet and it doesn't hurt to assign it to the rest) you need to leave it running for the following. The first time I tried to connect from outside the firewall with only the SSL Telnet port open and only the Telnet server assigned the certificate I got an error that CAE was unable to retrieve the usage history but was able to continue and work. After I opened more of the SSL ports and assigned the certificate I got rid of this error also. You then need to go into OPS NAV while connected inside the firewall and on the host's properties select the "Secure Sockets" tab then download the OS/400 Certificate Authority. You need to be inside the firewall because this uses the non-SSL ports. Once you have downloaded the certificate you can use the IBM Key Manager to export it and use that file to import it to PCs that are outside the firewall. If you want to have user certificates this also needs to be done while DCM is running. So far I haven't found a way to get the *ADMIN instance to run SSL so have also been doing this part inside the firewall. Initial connection of each session is slower than non-SSL but from then on seems to run about the same speed. I had asked on this list if anyone had a full check list before and didn't get much response. I had planned to put it together and submit it to the MIDRANGE FAQ but haven't got there yet. First I want to complete the project by getting user certificates required to use Telnet. I want to end up being able allow home based workers to log in. If they leave the company not only is their user profile removed but their certificate is revoked so if by chance they know someone else's user/password they still can not get in because it should be less likely that XYZ also gave them the certificate file. Roger Vicker, CCP "Wills, Mike N. (TC)" wrote: > Has anyone else set up SSL on CAE before (system and CAE @ V5R1)? Do you > have better instructions than what IBM has. I can't get it to work :-(. > > -----Original Message----- > From: Wills, Mike N. (TC) [mailto:MNWills@taylorcorp.com] > Sent: Tuesday, August 27, 2002 11:38 AM > To: 'midrange-l@midrange.com' > Subject: RE: SSL Client Access > > Grrr... Now I get an error 414 when I try to connect. > > -----Original Message----- > From: John Ross [mailto:jross-ml@netshare400.com] > Sent: Tuesday, August 27, 2002 10:53 AM > To: midrange-l@midrange.com > Subject: RE: SSL Client Access > > See if the following link helps > http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/99 > df6a2e1f95bced86256b8200581f1e?OpenDocument&Highlight=0,ssl > > John Ross > > At 10:25 AM 8/27/2002 -0500, you wrote: > >Am I missing something in my install. My 5250 session doesn't have the SSL > >option. I have it working with MochaSoft's client though! > > > >-----Original Message----- > >From: John Ross [mailto:jross-ml@netshare400.com] > >Sent: Monday, August 26, 2002 8:14 PM > >To: midrange-l@midrange.com > >Subject: Re: SSL Client Access > > > > > >I need to do this also, so I would like to hear how it goes. > >Look > >at > >http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/index.htm?info/rz > a > >in/rzainrzaintelntpi.htm > > > >John Ross > > > >At 05:33 PM 8/26/2002 -0500, you wrote: > > >Can someone point in the right direction to get this setup? > > > > > >Thanks, > > >Mike Wills > > >_______________________________________________ -- *** Vicker Programming and Service *** Have bits will byte *** www.vicker.com *** Death takes its toll. Please have exact change ready.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.