


We had another conf call today with Rocket.
Conclusion.
Jwalk has 2 parts to the SSL config.
1) Jwalk client (PC) to Jwalk Server (iSeries)
2) Jwalk Server (iSeries) to i5/OS(iSeries)
The wild card cert WILL work from the Jwalk client (PC) to Jwalk Server (iSeries)
SSL will NOT work, with or without Wildcard, from the Jwalk Server (iSeries) to i5/OS (iSeries)

Below is the jwalk.ini file, better clarified.

[ICOMS]
; Telnet connection
CcsId=37
GraphicalAccessServices=1
Emulator=Seagull5250
EmulatorSystem=127.0.0.1
HttpHelpBase=http://x.x.x.x/JWALK827/JWALKAPP
LicenseSystem=
ShowAllKeys=1
ShowEmulator=0
WideScreen=1
ServerPort=1289
DataAccessMode=2
WorkingDirectory=x.x.x.x/JWALK827/JWALKAPP/JAVA8XX
EmulatorSystemPort=23


;SSL between Jwalk Server and iSeries
;EmulatorConnect=TcpIp
;SecureAlternateCommonName=psiguitest.pencor.com
;SecureCertificateAuthorityFile=/SSLCERTS/SSLPSIGUITEST/psiguitest.pem

;SSL between Java Client and Jwalk Server, using either WC cert or std cert
SecureClient=1
SecureServerPort=1299
SecureCertificateFile=/SSLCERTS/SSLWCTEST/psicertchain.pem
SecurePrivateKeyFile=/SSLCERTS/SSLWCTEST/privatekey.pem

;SecureCertificateFile=/SSLCERTS/SSLPSIGUITEST/psiguitest.pem
;SecurePrivateKeyFile=/SSLCERTS/SSLPSIGUITEST/psiguitest.key

Below is the conf call summary from Rocket support.

1. OpenSSL within our JWALK server on iSeries is version 0.9.8e
2. New Certificates with encryption that are not compatible with JWALK Server's version of Open SSL
Let me spell it out here:
SSL will work fine in 4.2c6 and any release higher, when SSL is between the Java Applet and the Jwalk Server; the specific problem is when you set SSL between the Jwalk Server when the Jwalk Server resides on the iSeries - and the TCP protocol on the iSeries - the reason is the Jwalk Server at any of our releases will not recognize the encryption of the new certificates - our OpenSSL as it relates to the Jwalk Server on the iSeries is version 0.9.8e - last updated in 2007.

So to distill all of this:

When the Jwalk Server resides on a Windows box:
SSL works between the Java Applet and the Jwalk server and between the Jwalk server and the iSeries

When the Jwalk Server resides on the iSeries:
SSL works between the Java Applet and the Jwalk Server but does not work between the Jwalk Server and the iSeries

Thanks
Paul

-----Original Message-----
From: Steinmetz, Paul
Sent: Friday, October 31, 2014 4:26 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Enabling SSL for Rocket iSeries Jwalk Server for Java Client - Warning T02-Peer certificate verification >>>This certificate is not trusted

Chris,

Rocket/Jwalk does not use a store, everything is in the Jwalk.ini file that resides in IFS folder SEAJWK.

; SecureAlternateCommonName=name         The common name of a certificate that should be accepted even though it does not match the site name
; SecureCertificateAuthorityFile=name    The certificate authority file to use if the secure root database of Windows is not available or wanted
; SecureCertificateAuthorityPath=name    The certificate authority path to use if the secure root database of Windows is not available or wanted.
;                                        It points to a directory containing CA certificates in PEM format.
;                                        The files each contain one CA certificate.
; SecureCertificateFile=name             File containing the certificate that the server should send to the connecting secure client
; SecureClient=0                         Use SSL when listening for incoming secure Client connections (0=No, 1=Yes)
; SecureManagementConsole=0              Use SSL when listening for incoming Browser connection for the Management Console (0=No, 1=Yes)
; SecurePrivateKeyFile=name              The file containing the private key that belongs to the certificate that the server sends
; SecureServerPort=1299                  To which port should the server listen for incoming secure connections
; ServerLocalIPAddress=name              Identification of local IP Address for server


SecureAlternateCommonName=*.pencor.com
SecureCertificateAuthorityFile=/SSLCERTS/SSLPSI/ca-certificate.pem
SecureCertificateFile=/SSLCERTS/SSLPSI/certificate.pem
SecurePrivateKeyFile=/SSLCERTS/SSLPSI/privatekey.pem

Paul



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Friday, October 31, 2014 4:11 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Enabling SSL for Rocket iSeries Jwalk Server for Java Client - Warning T02-Peer certificate verification >>>This certificate is not trusted

Then the app will need the CA cert in its own data store. But I am not all that familiar with Rocket, so if it does not use the system certificate store, it must have its own.

Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Friday, October 31, 2014 1:03 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Enabling SSL for Rocket iSeries Jwalk Server for Java Client - Warning T02-Peer certificate verification >>>This certificate is not trusted

Chris,

This app does NOT use the IBM DCM keystore.
A different app that uses this same cert within DCM keystore works fine.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
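
An added example, not part of the thread and not Rocket's code: a small Python audit of a jwalk.ini like the one posted in the first message, reporting which of the two SSL legs has active settings and which SSL keys exist only as commented-out lines. The sample file is constructed (abridged from the posted one), and treating an active SecureCertificateAuthorityFile as the marker for the server-to-host leg is an assumption based on how the thread groups the keys.

```python
import configparser
import re

# Constructed sample, abridged from the jwalk.ini posted in the thread.
SAMPLE_INI = """\
[ICOMS]
; Telnet connection
EmulatorSystem=127.0.0.1
EmulatorSystemPort=23
;SSL between Jwalk Server and iSeries
;EmulatorConnect=TcpIp
;SecureCertificateAuthorityFile=/SSLCERTS/SSLPSIGUITEST/psiguitest.pem
;SSL between Java Client and Jwalk Server
SecureClient=1
SecureServerPort=1299
SecureCertificateFile=/SSLCERTS/SSLWCTEST/psicertchain.pem
SecurePrivateKeyFile=/SSLCERTS/SSLWCTEST/privatekey.pem
"""

# A ';Key=value' line is a comment, so that setting is inactive.
COMMENTED = re.compile(r"^\s*;\s*(Secure\w+|EmulatorConnect)\s*=\s*(\S+)")

def audit_jwalk_ini(text, section="ICOMS"):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    active = dict(cp[section])
    disabled = {m.group(1): m.group(2)
                for m in map(COMMENTED.match, text.splitlines())
                if m and m.group(1) not in active}
    findings = []
    # Leg 1: Java client -> Jwalk Server (SecureClient is described in the thread).
    client_ssl = active.get("SecureClient") == "1"
    if not client_ssl:
        findings.append("client leg: SecureClient is not 1, no SSL listener")
    else:
        for key in ("SecureServerPort", "SecureCertificateFile", "SecurePrivateKeyFile"):
            if not active.get(key):
                findings.append(f"client leg: SecureClient=1 but {key} is unset")
    # Leg 2: Jwalk Server -> host. ASSUMPTION: an active CA file marks this leg as SSL.
    host_ssl = bool(active.get("SecureCertificateAuthorityFile"))
    if not host_ssl:
        state = "commented out" if "SecureCertificateAuthorityFile" in disabled else "absent"
        target = f"{active.get('EmulatorSystem', '?')}:{active.get('EmulatorSystemPort', '?')}"
        findings.append(f"host leg: SSL settings {state}; session to {target} has no SSL configured")
    return {"client_ssl": client_ssl, "host_ssl": host_ssl,
            "disabled": disabled, "findings": findings}

if __name__ == "__main__":
    for line in audit_jwalk_ini(SAMPLE_INI)["findings"]:
        print(line)
```
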

