IBM Support

Configuring Access for Windows to Use Secure Sockets

Troubleshooting


Problem

This document contains instructions for configuring the IBM® Access for Windows client to use Secure Sockets connectivity with Server Authentication.

Resolving The Problem

Configuring IBM® Access for Windows client to Use SSL - Secure Sockets Connectivity Using Server Authentication.

This document describes the following:

o Installing the SSL Component on the client
o Downloading Certificate Authority
o Configuring System i Navigator using SSL
o Configuring PC5250 using SSL

Before you are able to use Secure Sockets, ensure the Telnet and Client Access Host servers are configured to use Secure Sockets. For additional information, refer to the following Technote:

Configuring the SSL Telnet and Access for Windows Host Servers for Server Authentication for the First Time
(http://www-01.ibm.com/support/docview.wss?uid=nas8N1010449)

Installing Secure Sockets Support

The Access for Windows Secure Sockets Support is a selectively installable component that is not installed by default with a Typical install. It must be selected as part of a Custom install; it is also included with a Complete install.

To verify the Secure Sockets component is installed, go to Client Access Properties and click on the Secure Sockets tab:

Picture of Access Control Panel Applet

Click OK.


Downloading Certificate Authority

Once the Secure Sockets component is installed, the Certificate Authority certificate must be downloaded. Do the following:

1. Start System i Navigator.
2. Right-click on the IBM i System name or IP address.
3. Click on Properties.

Picture of Access connection properties

Click on the Secure Sockets Tab.

Picture of Access connection properties, Secure Sockets details

Click Download. This downloads the most recent Local Certificate Authority certificate from the IBM i OS to the PC. When downloading the Certificate Authority, you might be prompted for sign-on information, depending on what the sign-on information is set to and whether the user has already connected.

Picture of prompt for IBMKEYDB password

The default password for the key management database is ca400 unless it was changed.

Note: The path for the key management database is different depending on the PC operating system. Once the password is typed, click OK.

Picture confirming CA Certificate successfully downloaded

If the Certificate Authority has been downloaded successfully, the message above is issued. If you have problems downloading the Certificate Authority, refer to the iSeries Access for Windows User's Guide for the message and return codes. Once the Certificate Authority is downloaded, System i Navigator and PC5250 can be configured to use SSL.


Configuring System i Navigator

At this point you are on the Secure Sockets tab of the System i Navigator properties.

Picture of Access Connection Properties SSL Tab and its details

Click on Use Secure Sockets Layer(SSL) for connection, and click OK.

Confirmation panel of SSL switch

When the above message is issued, click OK. Then, close and restart iSeries Navigator.

Picture of Navigator showing SSL Connection

A padlock next to the system name or TCP/IP address you secured indicates that you are using Secure Sockets to connect.

Configuring PC5250 to Use SSL

If you have already configured a PC5250 session to use non-SSL, click on Communication/Configure. If you do not have a PC5250 session configured, create one using Start/Configure or use the create desktop icon wizard.

Picture of PC5250 configuration details

By default, the port number is 23. Click on Properties.

Picture of PC5250 Connection details

You can select Use Secured Sockets Layer (SSL) or, if you have System i Navigator configured to use SSL, select Use Operations Navigator default. Also notice that at the top you can set the User ID sign-on information for PC5250. Click OK.

Picture of PC5250 configuration details

Notice that the port changed from 23 to 992. Click OK.

PC5250 dialog panel asking confirmation

If changing an existing PC5250 session, the above message is issued. If creating a new PC5250 session, the message is not issued. Click OK, and PC5250 will restart.

Example of PC5250 over SSL

Notice that the padlock is locked, indicating that PC5250 is using Secure Sockets to connect.

For problems connecting iSeries Navigator or PC5250 using Secure Sockets, refer to the Access for Windows User's Guide with the message ID and return code.
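
To confirm from the PC what the padlock indicates, the following PowerShell script (an added example, not part of the IBM document or of Access for Windows) checks whether ports 23 and 992 accept connections and shows the protocol and server certificate negotiated on port 992. The host name ibmi.example.com is a placeholder, and the function names are made up for this example.

```powershell
# Added example, not IBM code. $HostName is a placeholder for your IBM i system.
param([string]$HostName = 'ibmi.example.com')

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-TlsServerInfo {
    param([string]$Target, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Target, $Port)
        # Inspection only: accept the certificate so it can be displayed, and
        # record what Windows' own chain validation said about it.
        $script:policyErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($source, $certificate, $chain, $sslPolicyErrors)
            $script:policyErrors = $sslPolicyErrors
            return $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Target)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Port = $Port; Protocol = $ssl.SslProtocol
            Subject = $cert.Subject; Issuer = $cert.Issuer; NotAfter = $cert.NotAfter
            WindowsChainCheck = $script:policyErrors
        }
    } catch {
        Write-Warning "TLS handshake on port $Port failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

"Port 23  (non-SSL Telnet) reachable: $(Test-TcpPort $HostName 23)"
"Port 992 (SSL Telnet)     reachable: $(Test-TcpPort $HostName 992)"
Get-TlsServerInfo -Target $HostName -Port 992 | Format-List
```

WindowsChainCheck reflects the Windows certificate store, not the key management database that the Download step writes to, so a chain error there does not by itself mean the Access for Windows client distrusts the server. The Issuer field should name the Local Certificate Authority whose certificate was downloaded.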

Historical Number

28610252

Document Information

More support for:
IBM i

Software version:
6.1.0

Operating system(s):
IBM i

Document number:
644223

Modified date:
18 December 2019

UID

nas8N1019336
