1.  Home
  2. MIDRANGE-L
  3. January 2016

Re: openssl for telnet on IBM i?

OK Maybe I oversimplified it because I've only done it a hundred times. At one point I have written a document with all the steps, I'll see if I can find that.

As to your print screen that's plain odd. What it LOOKS like is that my statement was taken literally in that the cert was assigned to Telnet and ONLY Telnet. The IBM i Access solution still access a number of ports other than 23/992. THose will be in the 8470 range for non secure and and 9470 for SSL.

So if the cert is no assigned to those ports then attempting to verify will fail as shown in your list.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 1/29/2016 1:38 PM, Aaron Bartell wrote:

Hi Larry,

2) Create a self-signed cert in DCM and assign it to Telnet. Then use Port
992 and you are secure. Not sure why people think this is hard.

I've yet to find docs that take you through the 30 steps from start to
finish. In my current scenario I have SSL working with telnet but it only
works for tn5250j and not IBM Access Client Solutions. I prefer ACS
(because keyboard shortcuts actually work on the Mac) but intend to give up
on it again. Here's the error I am getting:
http://www.screencast.com/t/NyYmuVCggldg



Aaron Bartell
litmis.com - Services for open source on IBM i


On Fri, Jan 29, 2016 at 12:15 PM, DrFranken <midrange@xxxxxxxxxxxx> wrote:

As I see it you have these options:

1) Open Telnet on 23 from the world. Not such a good choice.
2) Create a self-signed cert in DCM and assign it to Telnet. Then use Port
992 and you are secure. Not sure why people think this is hard.
3) Purchase a third party cert and load it into your i and use that to
secure Telnet.
4) use SSH port tunneling with say putty on port 22 and let that encrypt
your traffic.
5) Use a VPN
6) Something else that I didn't consider. The possibilities are endless.

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 1/29/2016 11:24 AM, Aaron Bartell wrote:

*This message was transferred with a trial version of CommuniGate(r) Pro*

Does anyone know if you can configure telnet on IBM i to use certs created
by openssl commands? Trying to automate telnet SSL configuration with a
shell script (and at the same time move away from DCM).

Aaron Bartell
litmis.com - Services for open source on IBM i

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.