GOT IT WORKING gasp pant phew.
1. I had to add the keystore password manually to
/QIBM/UserData/OS/ADMININST/admin1/wlp/usr/servers/admin1/server.env
- keystore_password=vad_som_helst
I don't know why I had to do this manually, but after I did this, Navigator
came up on 2003 with TLS.
BUT THEN I COULDN'T CONNECT TO THE SERVER FROM iNAVIGATOR! ARGH!
Here's what I discovered.
1. The instructions for using TLS to connect Navigator to the host
server threads are here
<
https://www.ibm.com/docs/en/i/7.5?topic=options-setting-up-tls-encryption#rzat10tlsencryption__browser_conn_navigator>
.
2. I had done this prior to setting up Navigator itself for TLS. <<
Don't do this!
3. When TLS is activated for the Navigator itself, apparently only then
the setup for TLS->the host server threads used by iNavigator is activated!
4. The TLS setup for iNavigator itself *uses the DCM keystore*.
5. The TLS setup for iNavigator to connect to the host server threads *uses
the Java keystore*.
6. Our setup has a self signed certificate whose self-signed CA is not
in the Java keystore.
7. So when I activated TLS correctly (by manually adding the DCM
keystore password to server.env) that activated the TLS connection to the
host server threads, which *did not work* because the self-signed
certificate (or its self-signed CA) is not in the Java keystore.
Anyway, I'm up and running now. Thanks everyone for the help and
encouragement!
On Wed, Jan 17, 2024 at 10:13 AM Pete Helgren <pete@xxxxxxxxxx> wrote:
It does prompt for a password in step 7 of the document for "Select an
existing certificate from the *SYSTEM keystore" instructions found here:
https://www.ibm.com/support/pages/node/667835
midrange.com
