Re: Secure web sites
I admit that I am not sure of the correct terminology but ....
I mean that it is not set up to contact a secure site and that the
management of the IT department is not sure what needs to be done to make
it capable of contacting a secure site.
I was able to get as far as registering the certificate and then I got
this message from our management:
"You are getting an error when you click Secure Connection because GONZO is not setup as a secure server."
Apparently this statement in your documentation is what they are taking exception to and I am not sure how to direct them. And this is where my program fails
8) I already have SSL configured on my system for other apps, and I already have a system certificate store. So, it asks me the password for it. I type that.
I had already done the part you described below and your documentation was very helpful. I made it all the way through to the above
At 08:16 PM 4/1/2005, you wrote:
Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Hello Pat,
Thanks for signing up for the mailing list, by the way. It makes things
easier for me!
However, the AS/400 I am using (our
company owned) is not secure so the developers of the web site have had
to create a non-secure site for my development.
What do you mean by "the AS/400 I am using is not
secure"? Do you mean that it's set to security level 20 or
lower? Or that lots of people have access to use it who might not
be trustworthy?
Our question is what do we need to
do to our AS/400 to allow this secure connection. I have found the
documentation for creating a certificate, etc. and have coded it but the
400 doesn't seem to have all it needs.
SETTING UP SSL SUPPORT IN OS/400:
The first thing you have to do is install the digital certificate
manager. This is needed in order for you to configure any SSL
applications on your system.
IBM has information about which licpgms you need for this in the
Information Center. Here's a link to the V5R2 version:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/rzain/rzainplanssl.htm
Once you've done that, you can set up certificates for the first time.
(You don't need to buy a certificate from VeriSign or anything like that,
a private certificate authority will work fine -- unless of course your
particular application requires VeriSign -- but normally that's only for
a Web server or Telnet server or something like that.)
Setting up certificates for the first time is covered here:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/rzahu/rzahudcmfirsttime.htm
CREATING A PROFILE FOR YOUR HTTP APPLICATION
Once you've done that, make sure you've selected the *SYSTEM certificate
store (by clicking the "Select a Certificate Store" link) and
then you should be ready to set up your HTTP application.
To set up the HTTP application:
a) Choose "manage applications"
b) Choose "add application"
c) Choose "client"
d) Set the "Application ID" to something that fits what you're
doing. If you work for a company called ACME, and are working on the
POSTDATA program of the PAYABLES application, you could make the
application ID be "ACME_PAYABLES_POSTDATA". The idea is
that any program that requests this application ID will get a particular
set of SSL settings. If you tell HTTPAPI to use this application
ID, it'll get the settings from this page.
e) I have everything else in my application profile set up with default
values. I like to use "Defined the CA Trust List = NO" so
that I don't have to manually tell my application who it does and doesn't
trust.
f) Under "Application description" type some text that
identifies this profile, like "Settings for Posting data" or
whatever makes sense.
g) Leave the other settings at their defaults, and click
"ADD"
COMPILE SSL SUPPORT INTO HTTPAPI:
At this point, OS/400's SSL software is configured on your system. The
next thing to do is make sure HTTPAPI has SSL compiled into it.
a) CHGCURLIB CURLIB(LIBHTTP)
b) CALL INSTALL
At the prompt, make sure you say YES to compiling SSL support. Answer the
other questions so that it'll recompile HTTPAPI from source
code.
TRYING IT OUT
a) Open up a sample SSL program that's included with HTTPAPI.
Example 3, I think, is a really simple one.
b) Change the application ID in that program to match the one you
configured in the digital certificate manager. This is how HTTPAPI
associates with the settings in the digital certificate
manager.
In EXAMPLE3, you'd set the APP_ID constant to
'ACME_PAYABLES_POSTDATA'
c) Recompile EXAMPLE3 (CRTBNDRPG should do it.)
d) Run it. It should download an SSL document and display the raw HTML
code for it on your screen.
I'm writing these instructions from a (probably poor) memory of what
needed to be done. If there are any steps I'm missing please let me know so
I can update the instructions.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------
Pat Greenwood, Sr. SAE
QUALCOMM QWBS Midwest Regional Office
Kansas City, MO
(816) 413-7016 (voicemail)
(785) 749-4065 (office)
(785) 749-3258 (fax)
pgreenwo@xxxxxxxxxxxx (e-mail)