You might have SSL installed but you also have to use a cert on the i and assign it to the services. I haven't done that since before 2009 when we went to service bureau. Then you also have to have a certificate on each client pc. Takes a small amount of configuration but it's not bad, but I don't remember all the steps. There is probably a thread or two in the archives here that would provide a good reference.

coy

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Gary Thompson
Sent: Thursday, May 23, 2013 12:09
To: Midrange Systems Technical Discussion
Subject: RE: SSL with iSeries Access

Coy, thanks for the info
apparently my main i Server is does not have SSL installed - I see a bunch of:
CWBCO1008 - Unable to connect . . . 25406


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Coy Krill
Sent: Thursday, May 23, 2013 12:39 PM
To: Midrange Systems Technical Discussion
Subject: RE: SSL with iSeries Access

In System I Navigator, open the properties for the machine you are connecting to, select the Secure Sockets tab, click the Verify SSL Connection, when the window opens that is verifying, click open the first entry in the Status: box with a + and down in the messages will be a CWBCO1030 Message. Connecting from my bank to the Allen DC I get the following:

CWBO1030 - SSL version TLSV1 was used and cipher suite 2F selected
CWB01056 - FIPS mode is active for this connection

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Fenstermacher
Sent: Thursday, May 23, 2013 11:12
To: Midrange Systems Technical Discussion
Subject: RE: SSL with iSeries Access

Thanks, that helps. We're using *OPSYS with a few specified in QSSLCSL, is there a way to find out which SSL version a connection is using?


Paul Fenstermacher | Sys/NW Admin,Sr | Corporate Systems - POWER Systems Administration | Jack Henry & Associates, Inc.®
663 West Highway 60 | Monett, MO 65708 | Ph. 417.235.6652 | x177389 | pfenstermacher@xxxxxxxxxxxxx


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of brad.lovelady@xxxxxxxxxxxxxx
Sent: Thursday, May 23, 2013 12:30 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: SSL with iSeries Access

Check your system value (assuming you are on >= V6R1) QSSLPCL. If it's set to default which is *OPSYS that means you are allowing any TSL/SSL version supported by that particular OS release level. Otherwise that value can be manually altered to only allow specific TLS/SSL versions.

If the auditor meant to ask about supported CIPHER suites then check system value QSSLCSL instead.

***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209 MAC W2691-010 Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx


Wells Fargo Confidential

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message.  Thank you for your cooperation.


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Fenstermacher
Sent: Thursday, May 23, 2013 10:47 AM
To: Midrange Systems Technical Discussion (midrange-l@xxxxxxxxxxxx)
Subject: SSL with iSeries Access

How can I find out what version of SSL is being used with iSeries Access connections? PCI auditor inquiry.


Paul Fenstermacher | Sys/NW Admin,Sr | Corporate Systems - POWER Systems Administration | Jack Henry & Associates, Inc.(r)
663 West Highway 60 | Monett, MO 65708 | Ph. 417.235.6652 | x177389 | pfenstermacher@xxxxxxxxxxxxx<mailto:pfenstermacher@xxxxxxxxxxxxx>


NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


************************************************************************
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or taking any action based on it, is strictly prohibited.
***********************************************************************
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


************************************************************************
This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or taking any action based on it, is strictly prohibited.
***********************************************************************

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.