Common name for the CA is RGTCERTAUTH.
Not sure how to tell if it is in my *SYSTEM as a trusted CA though

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Chris Bipes
Sent: Friday, January 29, 2016 1:58 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: OpenSSL for telnet on IBM i?

What is the CA for the RGTSSLCERT and is it in your *SYSTEM as a trusted CA?


Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Smith, Mike
Sent: Friday, January 29, 2016 10:54 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: openssl for telnet on IBM i?

Well for some of us(me specifically) this has been a pain in the rear

1. I have a cert in *SYSTEM cert store named RGTSSLCERT valid until 2020

2. Under Communications/Session Security info on green screen session, I see RGTSSLCERT listed in the Server Cert Info. Security Protocal :none and Security Encryption Level :None under Client Cert tab: No cert has been sent by this client(maybe this is the issue.?????)

3. when I try to connect I get a 420 error code.

4. Under System I navigator my connection shows the Pad Lock

5. when I verify connection in System I Navigator I get a CWBCO1055 (SSL Client Authentication is supported for serve app telnet-ssl ) and
CWBCO1008(Unable to connect to server app Telnet returned 20105)

6. RGTSSLCERT has been imported into my web browser.

What am I missing?

Mike



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of DrFranken
Sent: Friday, January 29, 2016 1:16 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: openssl for telnet on IBM i?

As I see it you have these options:

1) Open Telnet on 23 from the world. Not such a good choice.
2) Create a self-signed cert in DCM and assign it to Telnet. Then use Port 992 and you are secure. Not sure why people think this is hard.
3) Purchase a third party cert and load it into your i and use that to secure Telnet.
4) use SSH port tunneling with say putty on port 22 and let that encrypt your traffic.
5) Use a VPN
6) Something else that I didn't consider. The possibilities are endless.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 1/29/2016 11:24 AM, Aaron Bartell wrote:
*This message was transferred with a trial version of CommuniGate(r)
Pro* Does anyone know if you can configure telnet on IBM i to use
certs created by openssl commands? Trying to automate telnet SSL
configuration with a shell script (and at the same time move away from DCM).

Aaron Bartell
litmis.com - Services for open source on IBM i

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

NOTICE: This message, including any attachment, is intended as a confidential and privileged communication. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this message.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

NOTICE: This message, including any attachment, is intended as a confidential and privileged communication. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and delete this message.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.