Did it again !!! The VM listserv is displaying my paste incorrectly. The last 2 PORT statements are commented out.
Tim

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Tim Joyce
Sent: Wednesday, August 06, 2008 11:45 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL connection problem after IPL

Don't know why my Redbook PDF copy/paste did not display the 9999 port correctly! Here is the correct display:

  9999 TCP SSLSERV SECURE EHCERT ; SSL SERVER - ADMINISTRATION
; 9999 TCP SSLSERV ; SSL SERVER - ADMINISTRATION
; 520 UDP MPROUTE NOAUTOLOG ; Multiple Protocol Routing Server

Tim

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Tim Joyce
Sent: Wednesday, August 06, 2008 11:37 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL connection problem after IPL

Hey Alan,

Please keep in mind, I am a LINUX newbie. This SSL server is my first and only Linux implementation. I got the PORT 9999 setup from the IBM Redbook - SSL Server Implementation for z/VM 5.2.

Copied from PDF Redbook:

Example 4-1 PROFILE TCPIP example

; ----------------------------------------------------------------------
; Reserve ports for specific server machines. Port values used are
; those defined in RFC 1060, "Assigned Numbers"
; ----------------------------------------------------------------------
; Note that the MPROUTE and RouteD servers cannot be concurrently used
; with the same TCP/IP stack server.
; ----------------------------------------------------------------------
PORT
  20 TCP FTPSERVE NOAUTOLOG ; FTP Server
  21 TCP FTPSERVE ; FTP Server
  23 TCP INTCLIEN SECURE EHCERT ; TELNET Server
; 23 TCP INTCLIEN ; TELNET Server
  25 TCP SMTP ; SMTP Server
  53 TCP NAMESRV ; Domain Name Server
  53 UDP NAMESRV ; Domain Name Server
; 67 UDP BOOTPD ; BootP Server
; 67 UDP DHCPD ; DHCP Server
  69 UDP TFTPD ; TFTPD (Trivial FTP) Server
  81 TCP PERFSVM NOAUTOLOG ; FCON/ESA INTERNET SERVER
  111 TCP PORTMAP ; Portmap Server
  111 UDP PORTMAP ; Portmap Server
  143 TCP IMAP ; IMAP Server
  161 UDP SNMPD ; SNMP Agent
  162 UDP SNMPQE ; SNMPQE Agent
  512 TCP REXECD ; REXECD Server (REXEC)
  514 TCP REXECD ; REXECD Server (RSH)
  515 TCP LPSERVE ; LP Server
  9999 TCP SSLSERV SECURE EHCERT ; SSL SERVER - ADMINISTRATION
; 9999 TCP SSLSERV ; SSL SERVER - ADMINISTRATION
; 520 UDP MPROUTE NOAUTOLOG ; Multiple Protocol Routing Server

Thinking PORT 9999 may be the problem, I already tried changing PORT 9999 back to BASE statement with OBEYFILE, but had no luck.

All my SSLADMIN commands seem to work, although a little slower response than I remember before fateful IPL.

As far as an emulator trace, I may need some help on how to do that.

Thanks,
Tim

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark
Sent: Wednesday, August 06, 2008 11:18 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SSL connection problem after IPL

On Wednesday, 08/06/2008 at 10:36 EDT, Tim Joyce <[EMAIL PROTECTED]> wrote:
> As far as PROFILE TCPIP errors, I did notice yesterday I had misspelled the
> PORT 9999 statement for my SSLSERV admin :
>
> 9999 TCP SSLSERV SERCUR ALCERT ; SSL SERVER - ADMINISTRATION
>
> so I corrected with obeyfile :
>
> 9999 TCP SSLSERV SECURE ALCERT ; SSL SERVER - ADMINISTRATION
>
> If this is the problem, I do not understand why it would have worked before
> the IPL. And, if this was the issue, shouldn't the corrected obeyfile have
> resolved this, or will I need to wait until I can cycle the TCPIP stack this
> weekend?

This is incorrect. The SECURE option goes on the PORT entries for the ports you want to protect. It does not go on port 9999 (the SSLADMIN command connection).

You mentioned that you are getting a failure on secure telnet.

1. Do you have the SECURE option specified for the port you are using for secure telnet? (Assuming an old-school secure telnet emulator.)
2. Can you successfully issue SSLADMIN commands?
3. Is the DTCPARMS entry for SSLSERV correct? If you had previously manually started the SSL server with different start-up parameters, those are no longer in effect.
4. Have you looked at an emulator trace to see what it's doing?

Alan Altmark
z/VM Development
IBM Endicott
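
Added example, not part of the original thread and not IBM code: a small Python check over a PORT block that reports which active entries carry SECURE, and flags a misspelled option keyword or SECURE placed on the SSL server's own port, the two points raised in the messages above. It assumes the entry layout seen in the thread (port, protocol, user ID, then NOAUTOLOG and/or SECURE followed by a label, with ";" starting a comment); the option list, the SSLSERV user ID and the sample text are taken or constructed from the thread.

```python
KNOWN_OPTIONS = {"NOAUTOLOG", "SECURE"}  # only the options seen in this thread
SSL_SERVER_ID = "SSLSERV"                # SSL server user ID used in this thread

# Constructed sample: entries taken from the thread, including the misspelled
# SERCUR line the poster reported.
SAMPLE = """\
PORT
  20 TCP FTPSERVE NOAUTOLOG ; FTP Server
  23 TCP INTCLIEN SECURE EHCERT ; TELNET Server
; 23 TCP INTCLIEN ; TELNET Server
  9999 TCP SSLSERV SERCUR ALCERT ; SSL SERVER - ADMINISTRATION
  9999 TCP SSLSERV SECURE EHCERT ; SSL SERVER - ADMINISTRATION
; 520 UDP MPROUTE NOAUTOLOG ; Multiple Protocol Routing Server
"""

def parse_port_entries(text):
    """Yield (lineno, port, proto, userid, options) for each active entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after ';' is a comment, so commented-out entries vanish.
        tok = raw.split(";", 1)[0].upper().split()
        if len(tok) >= 3 and tok[0].isdigit() and tok[1] in ("TCP", "UDP"):
            yield lineno, int(tok[0]), tok[1], tok[2], tok[3:]

def audit(text):
    """Return (secured, findings) for a PORT block."""
    secured, findings = [], []
    for lineno, port, proto, userid, opts in parse_port_entries(text):
        i = 0
        while i < len(opts):
            if opts[i] == "SECURE":
                label = opts[i + 1] if i + 1 < len(opts) else None
                if label is None:
                    findings.append((lineno, port, "SECURE has no label"))
                elif userid == SSL_SERVER_ID:
                    findings.append((lineno, port, "SECURE on the SSL server's own port"))
                else:
                    secured.append((port, proto, userid, label))
                i += 2
            elif opts[i] in KNOWN_OPTIONS:
                i += 1
            else:
                # Rest of the line cannot be interpreted after a bad keyword.
                findings.append((lineno, port, "unrecognized option " + opts[i]))
                break
    return secured, findings

if __name__ == "__main__":
    secured, findings = audit(SAMPLE)
    print("protected:", secured)
    for f in findings:
        print("check line %d (port %d): %s" % f)
```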