Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Attempting to login with iSeries Access using SSL

Avatar of Jeff Klipa
Jeff Klipa asked on
VPNSecuritySSL / HTTPS
6 Comments1 Solution473 ViewsLast Modified:
Hi iSeries gurus...

I have a need to allow some external consultants to connect via VPN to our iSeries to perform some work for us...
Our security team won't allow this connection to be unsecured...
So, I'm taking a crash course on the use of Digital Certificate Manager to get a SSL Certificate created to allow the SSL connection...

I believe I've got the SSL Cert Store and Cert created...
I Created the Certificate Authority (CA), and the Certificate, and Enabled it.
I downloaded the Cert to my local PC, and installed it into the MMC on my Win7 laptop... (Not sure this was necessary)
Changed the 5250 session config to use SSL...

When I try to connect, I'm getting the generic error CWBCO1049 error "IBM I server application is not started or the connection was blocked by a firewall"

I checked that the System I Access servers are started for "Sign on" and "Server Mapper" - STRHOSTSVR SERVER(*ALL)

I'm thinking that there is something wrong in the Certificate configuration I did...
I'm not sure...

If I use the fully qualified Domain Name in the session config the error pops up right away...
If I connect my 5250 emulation session with the IP address instead, I get the "IBM i signon" dialogue box first, I can enter my credentials, and then when I click OK, I get the CWBCO1049 error popup box... This indicates to me that the connection is working, and it's not a firewall problem...

I've never worked with SSL 5250 emulation with iSeries Access before, so I'm kind of stumped right now...
Any guidance would be greatly appreciated...

Thanks,
Jeff K.
ASKER CERTIFIED SOLUTION
Avatar of Gary Patterson, CISSP
Gary Patterson, CISSPFlag of United States of America imageExpert for hire: IBM i, AIX, Linux, Windows, DB2, Performance, Security. EDI

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 6 Comments.
See Answers