Troubleshooting
Problem
This document contains instructions for configuring IBM i Access for Windows to use Secure Socket Layer (SSL) Connectivity with Server Authentication.
Resolving The Problem
This document contains instructions for configuring IBM i Access for Windows to use Secure Socket Layer (SSL) Connectivity with Server Authentication.
This document describes the following:
Before you are able to use Secure Sockets, ensure the Telnet and IBM i Access Host servers are configured to use Secure Sockets. For additional information on how to set this up, refer to the "How Do I Configure Telnet and the IBM i Host Servers for SSL?" FAQ in the Digital Certificate Manager (DCM) - Frequently Asked Questions and Common Tasks IBM Software Technical document.
This document describes the following:
| o | How To Install the Secure Socket Layer (SSL) Component in IBM i Access for Windows |
| o | How To Download the Local Certificate Authority |
| o | How To Configure System i Navigator To Use SSL |
| o | How To Configure PC5250 To Use SSL |
- 1) How To Install the Secure Socket Layer (SSL) Component in IBM i Access for Windows
NOTE: If you see the IBM Key Management application under Start -> Programs -> IBM i Access for Windows, then the SSL component is already installed. You can proceed to step 2 on "How To Download the Local Certificate Authority".
To install the Secure Socket Layer (SSL) component from the IBM i Access for Windows installation image (If a client service pack has been installed after the original installation, a merged installation image containing the same service pack level will be required to accomplish this task.), you should do the following:1. Go to the Windows Control Panel and choose the Add/Remove Programs icon (for Windows 7, this will be called Programs and Features). 2. Locate the IBM i Access for Windows product from the list, once populated. 3. Highlight the product, and click Change. 4. Click Next, then click Modify. 5. Click Next until the Custom Setup dialogue is displayed. 6. Locate Secure Sockets Layer in the list and click the drop-down next to it. 7. ChooseThis feature and all subfeatures will be installed on the local hard drive. 8. Follow the Wizard to complete the installation. 9. Stop and restart the PC.
To verify the Secure Socket Layer component is installed, you should do the following:1. Go to IBM i Access for Windows Properties and click on the Secure Sockets tab:
2. Click OK. - 2) How To Download the Local Certificate Authority
Once the Secure Socket Layer component is installed, the Certificate Authority must be downloaded. Please refer to the following steps on how to do this.1. Start System i Navigator. 2. Under My Connections, right-click on the system name or TCP/IP address. 3. Click on Properties.
4. Click on the Secure Sockets tab.
5. Click Download. This downloads the Certificate Authority from the IBM i to the PC. When downloading the Certificate Authority, you might be prompted for sign-on information depending, on what the sign-on information is set to and if the user has already connected.
The default password for the key management database is ca400 unless it was changed.
Note: The path for the key management database is different depending on the PC operating system. Once the password is typed, click OK.
If the Certificate Authority has been download successfully, the message above is issued. If you have problems downloading the Certificate Authority, refer to the iSeries Access for Windows User's Guide for the message and return codes. Once the Certificate Authority is downloaded, iSeries Navigator and PC5250 to use SSL can be configured. - 3) How To Configure System i Navigator To Use SSL
1. Verify that you are in the Secure Sockets tab in System i Navigator properties:
2. Click on Use Secure Sockets Layer (SSL) for connection, and click OK:
3. When the above message is issued, click OK. Then, close and restart System i Navigator:
There is a padlock next to the system or TCP/IP address you secure; this means you are using Secure Sockets to connect. - 4) How To Configure PC5250 To Use SSL
1. If you already have configured a previous PC5250 session to use non-SSL, click on Communication/configure. If you do not have a PC5250 session configured, create one using Start/Configure or use the Create Desktop icon wizard:
2. By default, the port number is 23. Click on Properties:
3. You can select Use Secured Sockets Layer (SSL) or, if you have iSeries Navigator configured to use SSL, select Use Operations Navigator default. Also notice on the top that you can set the User ID sign-on information for PC5250. Click OK:
4. Notice the port changed from 23 to port 992. Click OK:
5. If changing an existing PC5250 session, the message in Step 4 above is issued. If creating a new PC5250 session, the message is not issued. Click OK, and PC5250 will restart:
Notice the padlock is locked, indicating PC5250 is using Secure Sockets to connect.
For problems connecting iSeries Navigator or PC5250 using Secure Sockets, refer to the iSeries Navigator User's Guide with the message ID and return code.
[{"Product":{"code":"SWG60","label":"IBM i"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"Access for Windows","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"6.1;7.1;6.1.0;7.1.0","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Product":{"code":"SSC3X7","label":"IBM i 6.1"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":null}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"SSC52E","label":"IBM i 7.1"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":null}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}}]
Historical Number
631960739
Document Information
Modified date:
18 December 2019
UID
nas8N1011018