Installation manual
Appendix C. Configuring on iSeries
Configuring iSeries servers for secure connection
The iSeries servers can be configured to use certificates from a public signing
agency or from a private certificate management system, such as the AS/400 Digital
Certificate Manager. Before you enable SSL, decide which type of certificate to use.
See "Deciding where to obtain your digital certificates" on the iSeries Web site.
You must have the following programs installed to use SSL with iSeries:
- Digital Certificate Manager (DCM), option 34 of OS/400
- TCP/IP Connectivity Utilities for AS/400
- IBM HTTP Server for AS/400
- One of the IBM Cryptographic Access Provider products: 40-bit, 56-bit, or
  128-bit. The bit size for these products indicates the varying sizes of the digital
  keys that they employ. A higher bit size results in a more secure connection.
  Some of these products are not available in all areas due to government export
  regulations.
Configuring a Telnet server for secure connection
The following table lists, for each OS/400 level, the Web page that describes the
steps to enable Telnet with SSL. You will need to repeat these steps for each
iSeries server with which you want to use secure connections.
OS/400 level                                 Web page
-------------------------------------------  ----------------------------------------------
Version 5 Release 1                          Secure Telnet on the iSeries Web site.
                                             Perform Step 1 only. Client authentication
                                             is discussed in a section below.
Version 4 Release 4 and Version 4 Release 5  Telnet server and SSL on the AS/400 Web site
Version 4 Release 2 and Version 4 Release 3  Telnet SSL Proxy Server on the AS/400 Web site
Configuring the Host On-Demand Telnet keyring
1. Type the following command:
     qsh
2. Change to the Host On-Demand lib directory:
     cd /qibm/proddata/hostondemand/hod
3. Obtain a server certificate from an SSL-enabled Telnet server. Remember to
substitute the value for host.name with the TCP/IP host name or dotted
address in the string listed below. 992 is the commonly used port for secure
connections. This command may span two lines but should be entered as one
line:
     java -classpath .:/QIBM/ProdData/hostondemand/lib/sm.zip com.ibm.hodsslight.tools.keyrng CustomizedCAs connect host.name:992
This command may take a few minutes to complete. If you are prompted for a
password, press Enter. If this is the first certificate, a new CustomizedCAs
object is created. Select the number of the Certificate Authority (CA) certificate
that you want to add to the Host On-Demand Telnet keyring. Be sure to add
© Copyright IBM Corp. 1997, 2001