I just did this for 4 LPARs. It wasn't so easy. I guess what made it less
painful was I had already generated and loaded keys to use with MQ so I was
familiar with DCM.

Our certificate environment made the process a bit challenging, but in the
end what I did was:

Used DCM to generate a CSR (I had to use specific files in OU and CN to
refer back to our corporate certificate management system)
Use that CSR to create a cert
Load the cert into IBMi using DCM
Assign the cert to the TCP/IP application

That was the easy part. I then had to find a way to ensure the clients
could use the cert and I have several clients and all are different.

There are different processes for Reflections (which many of our staff use)
and Access Client Services which the tech staff use. As an aside for
Reflections opening up port 992 on the firewalls was fine. For ACS I also
had to open up 9470-9476 which I only discovered after generating a large
Java dump and looking to find out why the connection was failing.

For certificates I just made sure the Windows clients had the
corporate CAs loaded onto them, which is part of the corporate build.

On Thu, Dec 2, 2021 at 7:05 AM Mayer, Michael via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

I did this several months ago. It took quite the effort to make it work.
Most of that effort involved the
various certificate setup work I had to do. It wasn't overly difficult but
it was quite detailed and took a few hours to
complete. I had to engineer it across 5 partitions. Obviously once I got
the first working, the rest fell into place.


Very Respectfully,
Michael Mayer
IBM i on Power System Admin.
IT Operations.
The Florida Bar
651 E. Jefferson St
Tallahassee, Florida 32399-2300
mmayer@xxxxxxxxxxxxxx
https://www.floridabar.org
Office: 850.561.5761
Cell: 518.641.8906


Today's Topics:

1. RE: SSL telnet 5250 not working (Rob Berendt)
2. Re: SSL telnet 5250 not working (Miguel Peralta)
3. Re: SSL telnet 5250 not working (Jim Oberholtzer)


----------------------------------------------------------------------

message: 1
date: Wed, 1 Dec 2021 16:51:42 +0000
from: Rob Berendt <rob@xxxxxxxxx>
subject: RE: SSL telnet 5250 not working

Not that I've done it but,
https://www.ibm.com/docs/en/i/7.4?topic=server-securing-telnet-ssl


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-------------------------------------------------------

message: 2
date: Wed, 1 Dec 2021 17:39:03 +0000
from: Miguel Peralta <mperalta8@xxxxxxxxxxx>
subject: Re: SSL telnet 5250 not working

mmm there is a part that I had not seen, I will use this link to work.
Thanks for replying, regards

________________________________

message: 3
date: Wed, 1 Dec 2021 11:46:51 -0600
from: Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx>
subject: Re: SSL telnet 5250 not working

Are we presuming you already have a certificate associated with the telnet
service? If you have not set that up see:


https://www.ibm.com/docs/en/i/7.3?topic=ssl-configuration-details-securing-telnet

It's a bit more detailed on all the steps, not just the telnet server
changes.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects



________________________________
Please note: Florida has very broad public records laws. Many written
communications to or from The Florida Bar regarding Bar business may be
considered public records, which must be made available to anyone upon
request. Your e-mail communications may therefore be subject to public
disclosure.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
