David:

I have been thinking about changing our internet access to our box via SSL. I like the idea of blocking port 23 in the firewall and opening up 992. But if the AS400 just hands out the cert, then is it that much better? Anyone with an SSL-enabled Telnet client can then access the box. What I really like is your idea of needing to send the cert to someone you want to access the AS400.

I have created a cert on the AS400 (a long time ago), and have a few questions:

1. Is there an option in the Telnet-SSL server that says "don't hand out the cert"?
2. How do you extract the AS400 generated cert to send it to people?
3. Where on the PC side do you install the cert? Is this done in Internet Explorer? Or in the Telnet client?

Thanks for the education.

cjg

Carl J. Galgano
EDI Consulting Services, Inc.
600 Kennesaw Avenue, Suite 400
Marietta, GA 30060
(770) 422-2995 - voice
(419) 730-8212 - fax
mailto:cgalgano@xxxxxxxxxxxxxxxxx
http://www.ediconsulting.com
AS400 EDI, Networking, E-Commerce and Communications Consulting and Implementation
http://www.icecreamovernight.com
Premium Ice Cream Brands shipped Overnight
Visit our website to subscribe to our FREE AS/400 Timesharing Service

-----Original Message-----
From: David C. Shea [mailto:dshea@xxxxxxxxxxxx]
Sent: Thursday, March 18, 2004 8:19 PM
To: Midrange Systems Technical Discussion
Subject: RE: remote telnet with ssl

Telnet with SSL works very nicely on the AS/400. I have tested it with Client Access, Mocha and Nexus Mainframe Terminal. Mocha and NMT also have SSL enabled printer features that work very nicely.

You need to set up a certificate on the AS/400, which it then dishes out to the client automagically. You need to be able to get through to the AS/400 on port 992 instead of port 23 like regular telnet. So, you'd have to open up that port on the firewall.

The problem with Client Access is that you need to open up several other ports besides 23 or 992 to be able to connect. CA does something special before even initiating the telnet connection.

A decent VPN is probably more secure than SSL telnet, but SSL telnet at least encrypts the traffic between host and client.

If you really wanted to get fancy, I assume that you could set up certificates at both ends (as400 and pc) so that the host 400 wouldn't just dish out a cert to anyone that comes knocking. This would provide an added level of security - only someone with the right cert installed could get a connection.

If I recall, setting up the cert on the 400 wasn't a big deal. The info center had the step by step. I managed to get it running in about a half hour.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
Sent: Thursday, March 18, 2004 8:07 PM
To: MIDRANGE-L@xxxxxxxxxxxx
Subject: remote telnet with ssl

Is there such a thing as remote telnet with ssl, but not having to ssl the local network? This is to have remote "support" access to customers who don't want a vpn or to use ssl locally. Currently no windoze server for other options.

jim

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.