I think the OP is saying that "self signed" certificates have been generated. Each workstation should need the "Certificate Authority" (CA) cert chain of the Tn3270 cert. The way to avoid this is to use a cert that is signed by a common authority.
Some TN3270 clients and some windows applications let you click around certificate problems, which I don't think is secure. I doubt IBM's PCOMM for example, would let you do that. If your systems are in a domain, a CA certificate can be handled in a group policy or somehow, we have our own "enterprise" CA chains that are essentially self-signed but get installed on each workstation that joins the domain. Len Rugen ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html