zoukankan      html  css  js  c++  java
  • 【转载】How to make SSL connection from IBM i ACS

     

    Note: These instructions assume ONLY the ACS Windows Application Package is installed.
    1) On the Windows system, run "cwbcossl.exe".
     
    2) In the box to the right of the "Start CA download from..." button, type in the name or IP address of the IBM i. Then hit the "Start CA download from..." button.
     
    3) Answer Yes to "Are you sure you want to trust all certificates issued by this Certificate Authority?"
     
    4) Enter the password to allow the cwbcossl tool to store the certificate into the key database.
    The default password is "ca400".
     
    5) Exit and restart the cwbcossl tool so that it picks up the configuration changes.
     
    6) Test SSL connectivity with the "SSL" button under Verify Connections.
     
    7) Assuming the test was successful, change the IBM i connection object to default to SSL connectivity. To do so, open an Administrator-level CMD prompt and execute :
    C:> cwbcfg /host <the name or IP address of the IBM i used in step 2> /ssl 1 /r
     
    Finally, configure your data connection to the IBM i. For most data provider connections (OLE DB, ODBC, .Net) you should now see traffic utilizing the SSL database host server port 9471.
    Alternate option which assumes both the ACS Windows Application Package AND the java base ACS package are installed:
     
    If you have already configured SSL with 5250 or some other function in the ACS base (java) package, administrators can go to the "Tools" drop down menu and select "Key Management".  The following window will show Trusted Certificates.
    Highlight the desired trusted certificate and click on the "Push to Windows..." button.
    This will make the certificate available for Windows-native functions such as ODBC.
    Related Information
     
     
    Distributing IBM i Access for Windows SSL certificates to multiple PCs
    
    https://www.ibm.com/support/pages/node/685369
    
    
    Problem
    This document will discuss what IBM i Access for Windows product files that need to be distributed in order to copy SSL certificates from one PC to another.
    Environment
    IBM i OS; IBM i Access for Windows
    Resolving The Problem
    NOTE: The following instructions are provided AS IS. This process is not covered under your IBM SWMA contract.
    
    There is currently no supported method of pushing iSeries Access for Windows SSL certificates to multiple PCs. The steps below have been known to work. Any problems with SSL certificates on PCs that have had their certificate files copied will require the certificates be deleted and re-downloaded from the IBM i server manually.
    
    If all PCs needing SSL connectivity are at the same version and service pack level of IBM i Access, the easiest way to distribute the certificates would be to simply copy the three files that hold the SSL certificate and configuration from a PC with a working SSL configuration to everyone else.
    
    These three files are:
    CWBSSLDF.KDB
    CWBSSLDF.STH
    CWBSSLJAVACA.JCK
    
    Depending on the IBM i Access for Windows version and release and Windows OS version, the above files may exist in different directories. Two primary directories to check for recent product versions are:
    C:Documents and SettingsAll UsersDocumentsIBMClient Access
    C:UsersPublicDocumentsIBMClient Access
    
    To verify the directory on any PC, open the IBM Key Management (Start -> Programs -> IBM i Access for Windows) tool that is installed with the SSL component of the IBM i Access for Windows product. Then, select Key Database File and Open. Specify the file name, CWBSSLDF.KDB, and the Windows file system path and click OK. Enter the default password of "ca400" and press OK. The IBM Key Management tool should then successfully open the key database file.
    

      


  • 相关阅读:
    CentOS 安装Redis
    python中Url链接编码处理(urlencode,urldecode)
    Flask+mongodb 实现简易个人博客
    Flask中mongodb实现flask_login保持登录
    ubuntu环境变量添加变量
    终端执行python shell的方法
    简单的模拟登录Wap版新浪微博
    爬取淘宝模特信息并自动保存图片
    Python字符串的encode与decode
    python3 安装scrapy Exception: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pip/req/req_install.py", line 1006, in check_if_exists解决方法
  • 原文地址:https://www.cnblogs.com/sui84/p/12293257.html
Copyright © 2011-2022 走看看