Hi Justin,

I am self-signing, which is sufficient for my telnet needs. I am not sure
I follow your line of thinking of why self signed certs are less secure.
If you trust the signer then you are good to go.

I actually already have telnet + SSL working by following IBM's docs (n1).
I wish it were as simple as a few green screen commands.

n1 - http://www-01.ibm.com/support/docview.wss?uid=nas8N1010449 These docs
aren't complete and missed a step - the part where you need to create the
certificate inside the certificate authority.

On final note, I use openssl to create certs with letsencrypt.org for an
nginx setup on IBM i. I can automate the entire process with a shell
script.

Aaron Bartell
litmis.com - Services for open source on IBM i


On Fri, Jan 29, 2016 at 11:14 AM, Justin Dearing <zippy1981@xxxxxxxxx>
wrote:

Aaron,

Do you mean you created the cert request with OpenSSL and sent to an cert
authority, and got back a cert in the form that works with apache, or that
you made a self signed cert with OpenSSL?

There is a chain of trust in SSL and that chain is only complete if the
clients computer has the public key for the certificate of authority from
the entity that generated your SSL certificate. Self signed ertificates are
inheriently less secure for this reason, unless your deploying the
cerrtificate of authority that you made for your self signed cert to all
the workstations in question. If you went the self signed route, I implore
you to consider buying a cert from the cheapest cert provider with the
longest expiration period they will give you, and that's a big improvement
from what you did for free.

</rant>

All that being said, I've never configured ssl on the IBM i telnet service,
but if you'd point out the greenscreen commands you've tried and errors
your getting, I'll see if I can figure out the correct incantation of the
Open SSL command to convert the certificate. OpenSSL is very much a swiss
army knife and can convert a certificate between many formats.

On Fri, Jan 29, 2016 at 11:25 AM Aaron Bartell <aaronbartell@xxxxxxxxx>
wrote:

Does anyone know if you can configure telnet on IBM i to use certs
created
by openssl commands? Trying to automate telnet SSL configuration with a
shell script (and at the same time move away from DCM).

Aaron Bartell
litmis.com - Services for open source on IBM i
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.