Re: Apache http ssl certificate - export -- MIDRANGE-L

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

On Tue, Apr 28, 2020 at 8:23 AM Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:

Objective: create ssl http server, create certificate, export off iSeries
to any off platform calls into the server via http.

First thing: If Postman wants a key file, whoa, you're off into the wrong
process. You never give an https client your private key.

Next:

- As I understand it, you want clients to reach your IBM i via HTTPS.
- You don't have a public CA associated with your self-signed cert, so
you're trying to provide clients with a copy of your cert to add to their
store.

If this is the case, anyone with a reasonable browser can just contact you
via HTTPS, get the ugly warning message, and tell their browser to accept
the self-signed cert.

If this is not a browser but some automated process that wants to contact
the i via HTTPS, then you can easily grab the self-signed cert to add to
their keystore.

From a linux box or from the IBM i itself in PASE:

openssl s_client -connect *myIBMiOrIPAddr:443*

Highlight the cert with your mouse including the BEGIN and END lines and
email it to your business partner.

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.