Hi Bradley
Thanks for that, but the problem is that if we import a CA certificate from Wintel into IBM i, it comes in as a CA certificate.
IBM i will not allow you to attach a CA level certificate to an application, you have to create IBM's "Server or Client" level certificate.
This is fine for communicating between 2 iSeries machines, but does not work in a mixed environment.
IBM wants this special "Server or Client" level certificate for itself which is incompatible with the Windows world which wants CA certificates.
The DCM allows you to create your own "Server or Client" level certificate but it won't import into Windows.
Windows lets you create a CA certificate, which can import onto the iSeries DCM but it then won't attach to an application.
Alasdair
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of midrange-l-request@xxxxxxxxxxxx
Sent: 11 January 2017 14:20
To: midrange-l@xxxxxxxxxxxx
Subject: MIDRANGE-L Digest, Vol 16, Issue 62
Send MIDRANGE-L mailing list submissions to
midrange-l@xxxxxxxxxxxx
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.midrange.com/mailman/listinfo/midrange-l
or, via email, send a message with subject or body 'help' to
midrange-l-request@xxxxxxxxxxxx
You can reach the person managing the list at
midrange-l-owner@xxxxxxxxxxxx
When replying, please edit your Subject line so it is more specific than "Re: Contents of MIDRANGE-L digest..."
*** NOTE: When replying to this digest message, PLEASE remove all text unrelated to your reply and change the subject line so it is meaningful.
Today's Topics:
1. Re: How to Invoke a constant in a Java class from RPG (Don Brown)
2. SSL certificates for applications (Alasdair Simpson)
3. Re: SSL certificates for applications (Bradley Stone)
4. Re: Road Map to move a home grown application from RPG to DB2
SQL or to any other data base platform (Vernon Hamberg)
5. *** ADMIN: RPG & Java topics (David Gibbs)
6. Re: CPU monitor >90% for 5 minutes - attach to the alert the
jobs and/or tasks causing the issue. (Rob Berendt)
7. RE: Road Map to move a home grown application from RPG to DB2
SQL or to any other data base platform (Ken Meade)
----------------------------------------------------------------------
message: 1
date: Wed, 11 Jan 2017 22:48:55 +1000
from: Don Brown <DBrown@xxxxxxxxxx>
subject: Re: How to Invoke a constant in a Java class from RPG
Thanks Arco
That may be a way to represent the ALL but it does not solve how I can do it in a single parameter. The prototype setLevel only has one parameter.
Sent from my iPhone
On 11 Jan. 2017, at 21:55, Arco Simonse <arco400@xxxxxxxxx> wrote:
Hi Don,
According to the documentation
https://docs.oracle.com/javase/7/docs/api/java/util/logging/Level.html#ALL
the ALL level is represented by Integer.MIN_VALUE and not string.
Would it help if you define a variable as java integer, initialize it
with
*loval, and use that as parameter?
Best regards,
-Arco
2017-01-11 6:42 GMT+01:00 Don Brown <DBrown@xxxxxxxxxx>:
I am trying to get logging working in Java to investigate an issue
with
a
class failing.
In doing so I used the Rdi option to generate the Java method Calls.
In Java to set the logging level you can do;
Logger.getLogger("Braintree").setLevel(Level.ALL);
What I don't know how to do in RPG is set the constant ALL where ALL
is
a
constant in class Level that returns a Level object.
In RPG I have the following;
D getLogger PR O CLASS(*JAVA :
'java.util.logging.L+
D ogger' )
D EXTPROC(*JAVA :
'java.util.logging+
D .Logger' : 'getLogger' )
D STATIC
D
D loggerName O CLASS(*JAVA :
'java.lang.String' )
D setLevel PR EXTPROC(*JAVA :
'java.util.logging+
D .Logger' : 'setLevel' )
D newString pr o extproc(*java
D : 'java.lang.String'
D : *constructor)
D value 25a const varying
D loggerNameJ S O CLASS(*JAVA :
'java.lang.String' )
D getLoggerRet S O CLASS(*JAVA :
'java.util.logging.L+
D ogger' )
D LevelJ S O CLASS(*JAVA :
'java.util.logging.L+
D evel' )
loggerNameJ = newString('Braintree');
getLoggerRet = getLogger( loggerNameJ );
LevelJ = newString('ALL');
setLevel(getLoggerRet : LevelJ);
The program will not compile as the prototype for setLevel only
expects one parameter.
Any suggestions appreciated
Don Brown
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link:
http://amzn.to/2dEadiD
------------------------------
message: 2
date: Wed, 11 Jan 2017 09:17:47 +0000
from: Alasdair Simpson <Alasdair.Simpson@xxxxxxxxxxxxxxx>
subject: SSL certificates for applications
Hi
We have a specific application which creates HTML to send to a Wintel server and get a response back. We would like to secure this by SSL.
All the documentation I have read so far says that to secure a specific application, you have to use the Digital Certificate Manager (DCM) to declare the application and then use a Client/Server certificate to secure it.
While testing, I have been able to use the DCM to generate a new client/server certificate but there does not seem to be any way to export this in a form that the target Wintel server can understand. It only seems to allow you to send it to another iSeries.
Going from the other side, the various Java Key tools I have found will create a full Organization certificate but are unaware of this 'client/server' level. Thus we don't seem to be able to create the require certificate level on the Windows server either.
Do we need to go out to an Internet provider and request certificates from them? If so, how we ask for the iSeries side and Windows side and get them to use the same keys?
Any help or pointer much appreciated.
Alasdair Simpson
Target Group Registered in England & Wales No 01208137. Registered Office: Target House, Cowbridge Road East, Cardiff CF11 9AU.
CONFIDENTIALITY. This email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please do not disclose the contents to anyone, or take any action based on them, but notify the sender by return email and delete this email (and any attachments) from your system.
Messages sent to and from us may be monitored.
Internet communications cannot be guaranteed to be secure or error-free.
This e-mail and any attachments have been checked by virus detection software before transmission. You should carry out your own virus checks on the contents of this communication. We accept no liability for any loss or damage which may be caused by software viruses or by interception or interruption of this mail.
Any views or opinions presented are solely those of the author and do not necessarily represent those of the company. We do not accept any liability arising in any way from relying upon such views or opinions.
Calls may be recorded for training and security purposes.
------------------------------
message: 3
date: Wed, 11 Jan 2017 07:21:22 -0600
from: Bradley Stone <bvstone@xxxxxxxxx>
subject: Re: SSL certificates for applications
You should only need to make the connection on your wintel server SSL.
Then just import the CAs from the SSL certificate on the wintel server on your IBM i using DCM.
See here:
http://docs.bvstools.com/home/ssl-documentation
Where you get the server certificate is up to you. You could even make a self-signed one on your IBM i.
You can go one step further and use a client side SSL certificate as well, but it sounds like overkill in this case.
Brad
www.bvstools.com
On Wed, Jan 11, 2017 at 3:17 AM, Alasdair Simpson < Alasdair.Simpson@xxxxxxxxxxxxxxx> wrote:
Hi
We have a specific application which creates HTML to send to a Wintel
server and get a response back. We would like to secure this by SSL.
All the documentation I have read so far says that to secure a
specific application, you have to use the Digital Certificate Manager
(DCM) to declare the application and then use a Client/Server
certificate to secure it.
While testing, I have been able to use the DCM to generate a new
client/server certificate but there does not seem to be any way to
export this in a form that the target Wintel server can understand. It
only seems to allow you to send it to another iSeries.
Going from the other side, the various Java Key tools I have found
will create a full Organization certificate but are unaware of this
'client/server' level. Thus we don't seem to be able to create the
require certificate level on the Windows server either.
Do we need to go out to an Internet provider and request certificates
from them? If so, how we ask for the iSeries side and Windows side and
get them to use the same keys?
Any help or pointer much appreciated.
Alasdair Simpson
Target Group Registered in England & Wales No 01208137. Registered Office:
Target House, Cowbridge Road East, Cardiff CF11 9AU.
CONFIDENTIALITY. This email and any attachments are confidential and
may also be privileged. If you are not the intended recipient, please
do not disclose the contents to anyone, or take any action based on
them, but notify the sender by return email and delete this email (and
any
attachments) from your system.
Messages sent to and from us may be monitored.
Internet communications cannot be guaranteed to be secure or error-free.
This e-mail and any attachments have been checked by virus detection
software before transmission. You should carry out your own virus
checks on the contents of this communication. We accept no liability
for any loss or damage which may be caused by software viruses or by
interception or interruption of this mail.
Any views or opinions presented are solely those of the author and do
not necessarily represent those of the company. We do not accept any
liability arising in any way from relying upon such views or opinions.
Calls may be recorded for training and security purposes.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
------------------------------
message: 4
date: Wed, 11 Jan 2017 07:38:03 -0600
from: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
subject: Re: Road Map to move a home grown application from RPG to DB2
SQL or to any other data base platform
Nice outline - and the difficulties are clearly stated.
I do wonder about what the OP meant by "DB2 SQL" - is it to move to a non-IBM i version of DB2, or it it to use SQL embedded in RPG instead of native IO? I don't have the original post in front of me, so I don't know.
IIRC, Fresche Legacy might have some tools to help with either option, I think - I'm not sure about getting off IBM i completely, although maybe their tools can. I do believe there are some refactoring tools that were acquired from Stuart Milligan's suite of products, including X-Analysis.
I'm not promoting any of this, just giving information.
Vern
On 1/11/2017 1:13 AM, D*B wrote:
1. change PF/LFs to SQL tables and indexes.
... prerequisite could be to change some RPG code from RLA to SQL data
access
2. Convert RPG programs to SQL/CLI so that it can be migrated to SQL
Server.
... SQL/CLI is only the data access part (and portability is limited),
the remaining RPG part would be > 90% of your programms and doesn't
run on any other platform.
3. Convert RPG reports to Tableu/Cognos/Crystal reports
... here you would have to make some changes to your database and
every report has to be rewritten from scratch for your target
environment.
4. Convert DSPF screens to some frame work like Angular JS
... this would not change your terminal driven application handling
5. Migrate everything to another platform/cloud..
The problem with working piece by piece is, that the mixed application
must run in an integrated environment. Moving an RPG application from
AS/400 to any other platform, you would need a rewrite of every line
of RPG code.
D*B
------------------------------
message: 5
date: Wed, 11 Jan 2017 07:38:26 -0600
from: David Gibbs <david@xxxxxxxxxxxx>
subject: *** ADMIN: RPG & Java topics
Folks:
Just a reminder ... RPG & Java topics belong in their respective lists.
RPG400-L for RPG discussion (
http://mlists.org/rpg400-l).
JAVA400-L for Java discussion (
http://mlists.org/java400-l).
For discussion that involves both RPG & Java, pick the list that the question more heavily leans towards. You may also cross post if you think it appropriate to both lists.
In general, I would suggest posting to RPG400-L if the topic is about invoking Java from RPG..
Thanks!
david
--
David Gibbs
midrange.com
IBM i on Power Systems: For when you can't afford to be out of business!
I'm riding a metric century (100 km / 65 miles) in the American Diabetes Association's Tour de Cure to raise money for diabetes research, education, advocacy, and awareness. You can make a tax deductible donation to my ride by visiting
http://lsteml.diabetessucks.net. My goal is $6000 but any amount is appreciated.
See where I get my donations from ... visit
http://lsteml.diabetessucks.net/map for an interactive map (it's a geeky thing).
I may have diabetes, but diabetes doesn't have me!
------------------------------
message: 6
date: Wed, 11 Jan 2017 09:17:51 -0500
from: Rob Berendt <rob@xxxxxxxxx>
subject: Re: CPU monitor >90% for 5 minutes - attach to the alert the
jobs and/or tasks causing the issue.
I was emailed, off list, by IBM due to a question posted to
http://ibm.co/2j7zkyV https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/QSYS2.ACTIVE_JOB_INFO()%20-%20UDTF
How soon are you getting off of 7.1? Based on what I'm hearing they might have a solution soon but I'm doubtful that it will go back to 7.1.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.