troubleshooting Question

Attempting to login with iSeries Access using SSL

Avatar of Jeff Klipa
Jeff Klipa asked on
SSL / HTTPSVPNSecurity
6 Comments1 Solution474 ViewsLast Modified:
Hi iSeries gurus...

I have a need to allow some external consultants to connect via VPN to our iSeries to perform some work for us...
Our security team won't allow this connection to be unsecured...
So, I'm taking a crash course on the use of Digital Certificate Manager to get a SSL Certificate created to allow the SSL connection...

I believe I've got the SSL Cert Store and Cert created...
I Created the Certificate Authority (CA), and the Certificate, and Enabled it.
I downloaded the Cert to my local PC, and installed it into the MMC on my Win7 laptop... (Not sure this was necessary)
Changed the 5250 session config to use SSL...

When I try to connect, I'm getting the generic error CWBCO1049 error "IBM I server application is not started or the connection was blocked by a firewall"

I checked that the System I Access servers are started for "Sign on" and "Server Mapper" - STRHOSTSVR SERVER(*ALL)

I'm thinking that there is something wrong in the Certificate configuration I did...
I'm not sure...

If I use the fully qualified Domain Name in the session config the error pops up right away...
If I connect my 5250 emulation session with the IP address instead, I get the "IBM i signon" dialogue box first, I can enter my credentials, and then when I click OK, I get the CWBCO1049 error popup box... This indicates to me that the connection is working, and it's not a firewall problem...

I've never worked with SSL 5250 emulation with iSeries Access before, so I'm kind of stumped right now...
Any guidance would be greatly appreciated...

Thanks,
Jeff K.
ASKER CERTIFIED SOLUTION
Gary Patterson, CISSP
Expert for hire: IBM i, AIX, Linux, Windows, DB2, Performance, Security. EDI

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 6 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros