Paul, That what I was suggesting. Switching a console to a local non sna terminal. There are many ways to handle the certificate issue, one is extending its expiration date.
*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: i_mugz...@securiteam.co.il **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* בתאריך יום ו׳, 16 בפבר׳ 2024 ב-18:41 מאת Paul Feller < 000005aa34d46684-dmarc-requ...@listserv.ua.edu>: > This is why I have setup a few 3270 sessions for each lpar in the OSA-ICC > environment. That was my back door into the lpars if something went wrong > with TCPIP/TN3270 and associated stuff. As for updating the cert I'm sorry > I can't help with that. That type of activity is handled by only a small > group of people and I was not part of that group. > > If you have session manager running on another lpar that allows cross > access to the test lpar, I think that might bypass the whole cert stuff. > Not 100% sure about it. > > Good luck getting things fixed. > > Paul > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf > Of Keith Gooding > Sent: Friday, February 16, 2024 8:36 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Tn3270 back door > > My understanding is that a policy agent refresh only reloads the > definitions if something has changed in the policy. I have certainly had a > problem when a keyring had been changed - policy agent did not recognise a > change so the cached keyring remains. The solution was to increment the > connection instance value in the policy before the refresh. Have you tried > restarting pagent ? > > Keith > > > On 16 Feb 2024, at 10:54, James Cradesh < > 000005a6576c6fa2-dmarc-requ...@listserv.ua.edu> wrote: > > > > I’m locked out of my test lpar. The ssl cert expired. A new cert was > uploaded but the tn3270 doesn’t see it. I did refresh Pagent but it didn’t > help. How do you get around this situation? Is there a way to enable the > non ssl port? > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN