RE: Change port for IBMi Access Client -- MIDRANGE-L

Reggie,

I can send you some pictures of our setup if you want to reply offline (I think you can see my email - if not it is first initial, last name @ company.com). We used *SYSTEM Certificate store in IBM DCM.
Every internal connection to our IBM i is secured by this certificate... even the DCM (we don't use the standard ports for any of the IBM apps either).

In DCM:
We created an ECDSA client/server certificate and applied it to the following...

Under Application Definitions:
Server
Central Server
Database Server
Data Queue Server
Network Print Server
Remote Command Server
Signon Server
IBM i TCP/IP Telnet Server
IBM i DDM/DRDA Server - TCP/IP
Cluster Security
Host Servers
File Server
Management Central Server
IBM Tivoli Directory Server
IBM i VPN Key Manager
HTTP Server Monitor
IBM i TCP/IP SMTP Server
IBM i TCP/IP FTP Server
IBM i TCP/IP POP Server
QIBM_DIRECTORY_SERVER_QUSRDIR
QIBM_HTTP_SERVER_APACHEDFT
IBM i System Service
IBM i Remote Journaling Target
Valence Portal
QIBM_HTTP_SERVER_WQLIB85_INTERNAL
QIBM_HTTP_SERVER_ADMIN
Valence Development Portal

Greg Wilburn
Total Biz Fulfillment

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Reggie Monroe
Sent: Friday, March 10, 2023 9:49 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: [EXTERNAL] Change port for IBMi Access Client

Hi Greg,
Yes, we are using Access Client Solutions. The problem we are having is with trying to update the certificate to point to the different protocol.

I am trying to follow instruction to create the certificate and seems I am having a little problem. The very beginning step mentions to create a "Certificate Authority (CA)" I do not see the link to perform this option and it mentions in the documentation that if I don't see it, then one is already created. I am pretty sure it is created it but I am not sure what I should do.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Greg Wilburn
Sent: Friday, March 10, 2023 5:38 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: [EXTERNAL] Change port for IBMi Access Client

External eMail: Do not open attachments or click on links unless you expected to receive them from a trusted sender.

Hopefully you are you using Access Client Solutions...

Select your system under System Configurations, click Edit. On the General tab there's a checkbox for "Use SSL for Connection". If you do it here, then anything that uses the connection is encrypted (5250, Run SQL Scripts, etc.) I can't remember if you have to go into the DCM and apply an SSL certificate to the application or not.
We created our own SSL certificate on the IBM i and use that.

Pretty simple.

Greg

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Reggie Monroe
Sent: Friday, March 10, 2023 7:29 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] Change port for IBMi Access Client

Currently we are using IBMi Access Client to connect to our AS400 systems and it is doing it via port 23. Per our security group. We need to change this to use a more secure port i.e. port 992. We have read some documentations that we need to make this change by updating certificate information. We are using some sort of certificate but from what I can tell, they all are expired and not maintained and not sure how to make this change to use port 992 instead of port 23. Would anyone have any suggestions? Thank you.

________________________________
This e-mail message, including any attachments, is for the sole use of the intended recipient, and may contain material that is privileged or confidential and legally protected from disclosure. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://urldefense.com/v3/__https://lists.midrange.com/mailman/listinfo/midrange-l__;!!Fat92My4sJ5u0kQe!3N3cG-Z47kArhc7AK4le2fd_N-5yiZJJ91psQVDDCGR9WfhOs4CcFdv6tpwQWj3f0yNAqoqAt_wcBkAEGeqrwX5vQd7VLO74FQ$
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://urldefense.com/v3/__https://archive.midrange.com/midrange-l__;!!Fat92My4sJ5u0kQe!3N3cG-Z47kArhc7AK4le2fd_N-5yiZJJ91psQVDDCGR9WfhOs4CcFdv6tpwQWj3f0yNAqoqAt_wcBkAEGeqrwX5vQd6CsmyA7w$ .

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

[CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.]

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: https://urldefense.com/v3/__https://lists.midrange.com/mailman/listinfo/midrange-l__;!!Fat92My4sJ5u0kQe!3N3cG-Z47kArhc7AK4le2fd_N-5yiZJJ91psQVDDCGR9WfhOs4CcFdv6tpwQWj3f0yNAqoqAt_wcBkAEGeqrwX5vQd7VLO74FQ$
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at https://urldefense.com/v3/__https://archive.midrange.com/midrange-l__;!!Fat92My4sJ5u0kQe!3N3cG-Z47kArhc7AK4le2fd_N-5yiZJJ91psQVDDCGR9WfhOs4CcFdv6tpwQWj3f0yNAqoqAt_wcBkAEGeqrwX5vQd6CsmyA7w$ .

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.