Well, yes I can (did) make a SELF-SIGNED certificate and it works fine. But my auditor doesn't like it.
This is what happens when I tried to store the one from VeriSign.

DTCSSL201E Algorithm error--GSKKM error 146.

and from Thawte..

DTCSSL2417E The content of file TSTTHAWT X509CERT D cannot be used or is
DTCSSL2417E corrupt.

Maybe SSLSERV somehow got hosed. I am having them re-boot it tonight.

SSLADMIN QUERY CERT *

Shows the certs that came with SSLSERV (z/VM 5.3) plus the Self-Signed one I created. I'll see what happens after the re-boot.

Oh well such is life.

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of Alan Altmark
Sent: Wednesday, May 21, 2008 12:36 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: SSL CERTIFICATE

On Wednesday, 05/21/2008 at 09:03 EDT, "Huegel, Thomas" <[EMAIL PROTECTED]> wrote:
> I am talking the latter. z/VM's TN3270 server protected by z/VM's SSLSERV
> z/LINUX.
> Some auditor thinks I need to encrypt my TN3270 sessions.

If your customer has a security policy that says "No passwords in cleartext on the network", or the moral equivalent, then the auditor is correct.

We have customers getting their certs from Thawte and Verisign. You mention that you have "errors", but you don't elaborate on the process you used and the errors you got.

Getting your cert from a non-standard source (including self-signed) inevitably creates a problem with the client. If it is self-signed, then all clients must have the cert also installed on their own workstation. If it is signed by a non-standard source (e.g. local CA), then the non-standard CA cert must be installed on each workstation.

Use the SSLADMIN command to display the certificate database and you will see what CA certs are in there.

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390