Here is the web configuration file that I am trying to connect to. Does
the SSL stuff look like it is set correctly?


AccessReportTemplate justin {
      AccessReportDescription "web report"
      AccessReportIncludeURL /*
      AccessReportIncludeHostName 192.168.0.6
}
    Map  /cgidev2/start
/QSYS.LIB/CGIDEV2.LIB/DEMOHTML.FILE/DEMOFRAME.MBR
    Map  /cgidev2/setup
/QSYS.LIB/CGIDEV2.LIB/DEMOHTML.FILE/SETUPCSA.MBR
    Map  /cgidev2h/*.htm   /cgidev2h/*.mbr
    Map  /cgidev2o/*.htm   /cgidev2o/*.mbr
    Map  /cgidev2oit/*.htm   /cgidev2oit/*.mbr
    Map  /cgidev2o/*    /QSYS.LIB/CGIDEV2.LIB/DEMOHTML.FILE/*
    Map  /cgidev2oit/*  /QSYS.LIB/CGIDEV2.LIB/DEMOHTMLIT.FILE/*
    Map  /cgidev2h/*    /QSYS.LIB/CGIDEV2.LIB/HTMLSRC.FILE/*
    Map  /cgidev2r/*    /QSYS.LIB/CGIDEV2.LIB/QRPGLESRC.FILE/*
    Map  /cgidev2l/*    /QSYS.LIB/CGIDEV2.LIB/QCLSRC.FILE/*
    Map  /cgidev2d/*    /QSYS.LIB/CGIDEV2.LIB/QDDSSRC.FILE/*
    Map  /cgidev2f/* /cgidev/*
    Pass /QSYS.LIB/CGIDEV2.LIB/*
    Pass /cgidev/*
Exec /cgidev2p/*  /QSYS.LIB/CGIDEV2.LIB/*  %%EBCDIC%%
IconPath /QIBM/HTTPSVR/Icons/
AddIcon text.gif     text  text/*
AddIcon html.gif     html  text/html
AddIcon binary.gif   bin   application/*
AddIcon compress.gif Z     application/x-compress
AddIcon compress.gif gzip  application/x-gzip
AddIcon image.gif    img   image/*
AddIcon movie.gif    vid   video/*
AddIcon sound.gif    au    audio/*
Disable CONNECT
Disable DELETE
Disable HEAD
Disable OPTIONS
Disable PUT
Disable TRACE
Enable GET
Enable POST
AlwaysWelcome On
DirAccess Off
Service /servlet/* /QSYS.LIB/QAPPSVR.LIB/QZHJSVLT.SRVPGM:AdapterService
%%MIXED%%
Service /*.jsp     /QSYS.LIB/QAPPSVR.LIB/QZHJSVLT.SRVPGM:AdapterService
%%MIXED%%
Pass /IBMWebAS/samples/* /QIBM/ProdData/IBMWebAS/samples/*
Pass /IBMWebAS/* /QIBM/ProdData/IBMWebAS/web/*
Exec  /cgi-bin/* /qsys.lib/cgilive.lib/*.pgm %%EBCDIC%%
Pass /* /rtekweb/*
ServerInit /QSYS.LIB/QAPPSVR.LIB/QZHJSVLT.SRVPGM:AdapterInit
/QIBM/ProdData/IBMWebAS/properties/bootstrap.properties
ServerTerm /QSYS.LIB/QAPPSVR.LIB/QZHJSVLT.SRVPGM:AdapterExit
BindSpecific On
UserID %%SERVER%%
DNS-Lookup Off
RuleCaseSense Off
Imbeds Off SSIOnly
Port 80
NormalMode On
# Do not change or delete the following AppName directive
AppName QIBM_HTTP_SERVER_RTEKWEB
SSLMode On
SSLPort 443
SSLClientAuth Required
HostName 192.168.0.6
ErrorLogArchive None
ErrorLogExpire 0
ErrorLogSizeLimit 0
AccessLogArchive None
AccessLogExpire 0
AccessLogSizeLimit 0
AccessLog /logs 2000

-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com] On Behalf Of Sean Porterfield
Sent: Monday, July 22, 2002 11:03 AM
To: midrange-l@midrange.com
Subject: RE: Problem with SSL

I have the following:

5722SS1   *COMPATIBLE  OS/400 - Digital Certificate Manager
5722AC3   *INSTALLED   Crypto Access Provider 128-bit for AS/400
5769CE2   *INSTALLED   Client Encryption 56-bit
5722CE3   *INSTALLED   Client Encryption 128-bit

I finally got my admin server listening on port 2010 again by editing
the
config file manually.  I couldn't get the Apache configuration to do
what I
needed.  I don't know if my findings will help you since you said you're
on
V4R5 and I'm on V5R1.

I would say when you start the HTTP server, find the jobs.  Then after
you
connect to https://192.168.x.x check the joblog for each of the server
jobs.
I thought they used to be in QUSRWRK or QSYSWRK but mine are in
QHTTPSVR.
Use WRKSBSJOB QHTTPSVR to find the jobs.  If the server ends when you
attempt to connect, it should produce a joblog.

HTH

>-----Original Message-----
>From: Justin Houchin
>
>       Yes it is listening on port 443. I have read step by step on how
>to setup the Digital Certificate Manager with the redbook "Building a
>Digital Infrastructure". Before I started this project I had to install
>the Digital Certicate Manager, Crytographic Support, and the
>Crytographic Access Provider 128bit. When I got done installing them,
>the Crytographic Access Privider 128bit showed *INSTALLED while the
>other to showed *COMPATIBLE. Could this be a problem?
>
>-----Original Message-----
>From: Sean Porterfield
>
>>From: Mark Villa
>
>>~~~Scott Wrote,
>>~~~>Did you try accessing it by domain name instead of ip adrress?
>>Interesting conversation. Sorry for jumping in the middle.
>>It would seem that validation could only occur using a registered
>public IP
>>address. Got to put the resolution here for us to read. If
>>192.168.x.x works
>>that means anyone can use your cert.
>
>
>Actually, IE should pop up a security warning if it doesn't like the
>cert.
>It asks if you want to accept (yes/no/view cert) at which point you can
>even
>add it to the cert database on the pc so IE will trust it every time.
>
>Since I've lost the original thread now...  Justin - did you ever
verify
>in
>netstat that the AS/400 was listening on port 443?  (Assuming you
>started
>more than just the admin server, that is.)

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.