× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2010

Re: SSL and iSeries as a consumer of a web service on a PC workstation

Hi John,

Doing an HTTP call by IP address isn't a good idea because it eliminates the ability to use name-based virtual hosting. However, it shouldn't have any effect on SSL!

So you say a lot of stuff in your e-mail... but you have yet to tell us what software you're using, or what problems you're having...

Personally, I can do all of the things you're asking for without issue using HTTPAPI. Indeed, it's the default behavior.



On 4/23/2010 9:15 AM, John Duenweg wrote:
I have a question about the options that exist when the iSeries is
establishing an *SSL connection* to a PC workstation acting as a server.

This scenario occurs when the iSeries is operating as a client and the
destination is a workstation that operates as the web-server.

The only caveat regarding this scenario that is different than with a
standard call via SSL is that the destination *may not* have a correct
digital certificate for itself. The destination *may* have a digital
certificate where the *name* of certificate *does not match* the name of the
machine.

These are the things that we may know about the destination and the digital
certificate returned:

· The name of the machine may be: workstation4.myurl.com…. or the
name may not be known.

· The machine could be called based on an IP address.

· The name of the digital certificate returned by the destination
may be: application.certname.com

· The iSeries can determine that the digital certificate is my
digital certificate



*What I would like to happen:*
· The iSeries operates as a client and calls the workstation
· The iSeries may call the workstation using the ip address and not
a name. example: https://192.168.1.12/remote_service

· The workstation will return a digital certificate that was
generated by us.

· The digital certificate may have a ‘generic’ name… such as: CN=”
application.certname.com”

· The iSeries (during the setup of the SSL connection) is OK with
the digital certificate, even though the name (CN) doesn’t match the name
that was used to call the workstation.

· The SSL connection is established and everyone is happy.
(Subsequently, the data passed on the connection is encrypted just like any
normal SSL connection.)


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.