× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2022

Re: DCM help -- trying to set up TLS (and Secured Telnet) on a V7R5 box

If you truly want to set up SSL for telnet, you can but if you use a
self-signed certificate each person using telnet will need to import your
own self-signed CA.

Possible, but not always easy to explain to your users how it's done.
That's why if you get a certificate from a well known source (may cost a
few bucks a year), most clients already trust the CA(s) that the
certificate is signed by.

On Tue, Oct 4, 2022 at 11:50 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

You don't assign certificates to client applications unless it's
specifically a requirement.

Most certificates are assigned to server applications (HTTP, etc).

On Tue, Oct 4, 2022 at 11:05 AM James H. H. Lampert via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

On 10/4/22 5:43 AM, Brad Stone wrote:
You don't need to create a local certificate. Just create the *SYSTEM
store.

Dear Brad, et al.:

"Just create the *SYSTEM store"?

If I look at the *SYSTEM store, all I see is:

LOCAL_CERTIFICATE_AUTHORITY_7813280O(1)
Touchtone
Expires in 7299 days
ECDSA (256 bits)
Certificate Authority (Enabled)

and if I go to "Manage Application Definitions" (something I definitely
remember from the old V6 and V4 DCMs), I see a box for

QIBM_QTV_TELNET_SERVER
IBM i TCP/IP Telnet Server
Server
No certificates assigned

If I click "View" on that box, I see "None assigned" under Assigned
Certificates, and if I click "Assign Certificates," nothing is listed to
assign. Is an empty *SYSTEM store really all I need now, for secured
Telnet? No assignments?

Also, as I recall, bringing up the Telnet server in Secured mode
requires cycling that server, varying it off and back on. Is that still
true? It's easy enough to do when you also have a physical terminal on a
Twinax line, and I vaguely recall using it through the separate system
console Ethernet port on our E4A, but how do I do this without physical
access? Through iNav?

And what about the other thing we need, enabling HTTPS support in Scott
Klement's HTTPAPI?

--
JHHL
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.