Re: Telnet-SSL Questions



You should only need the one CA. But it sounds like this would be quite a job to set up and update when the CA expires.

Try contacting support for the client software. That sounds like the issue. The client doesn't need a certificate, it needs a Certificate Authority (CA). Unless it's doing client authentication over SSL (which I doubt and is overkill).

Since it's self-signed, you need to export the CA to your clients. Should be fairly straightforward.

And maybe a VPN would be easier to set up and maintain?

Brad
www.bvstools.com

Cov wrote:
G'day,

I have successfully configured a 'telnet-ssl' session by using DCM to
create a *SYSTEM Certificate Store, associate the Certificate with
Telnet, restart the Telnet Server, copy the Certificate to a PC &
import it into the PC's PCOMM Key database using the "IBM Key
Management" utility under Client Access. I have then changed the PCOMM
5250 Emulator to use Port 992 & "enabled Security". In summary, all is
good: I can establish a 992 telnet-ssl session between a PC (actually,
the PC Console PC!) & the iSeries (820) Server.

My next step is to attempt the same connection from another PC to the
same iSeries Server. I have taken the same Key, copied it to another
PC, imported it into the PCOMM Key Database, updated the PCOMM 5250
session (as above), but my 5250 session just hangs saying (at the foot
of the emulator): "Secure Socket is connect to remote server/host
xxx.xxx.xxx.xxx using port 992..." with a blank screen.

If I display the joblog to a QTVTELNET job on the Host, I get the
following messages:
"A remote host did not respond within the timeout period."
"SSL Handshake exceeded timeout limit for client 10.19.99.166 port
1068"

What am I doing wrong? Have I missed something? Am I looking at it too
simply? With 27 iSeries machines to support, I'd ideally like to use
just the one CA for all PC & Servers. Creating multiple CAs & importing
them onto every PC would be a nightmare!

Any assistance would be greatly appreciated.
Thanks, Tony Covelle.
