IBM Support

Configuring IBM i Access for Windows v6.1 and v7.1 To Use Secure Socket Layer (SSL)

Technote (troubleshooting)


Problem(Abstract)

This document contains instructions for configuring IBM i Access for Windows to use Secure Socket Layer (SSL) Connectivity with Server Authentication.

Resolving the problem

This document contains instructions for configuring IBM i Access for Windows to use Secure Socket Layer (SSL) Connectivity with Server Authentication.

This document describes the following:

o How To Install the Secure Socket Layer (SSL) Component in IBM i Access for Windows
o How To Download the Local Certificate Authority
o How To Configure System i Navigator To Use SSL
o How To Configure PC5250 To Use SSL
Before you are able to use Secure Sockets, ensure the Telnet and IBM i Access Host servers are configured to use Secure Sockets. For additional information on how to set this up, refer to the " How Do I Configure Telnet and the IBM i Host Servers for SSL?" FAQ in the Digital Certificate Manager (DCM) - Frequently Asked Questions and Common Tasks IBM Software Technical document.

  • - 1) How To Install the Secure Socket Layer (SSL) Component in IBM i Access for Windows


    NOTE: If you see the IBM Key Management application under Start -> Programs -> IBM i Access for Windows, then the SSL component is already installed. You can proceed to step 2 on "How To Download the Local Certificate Authority".

    To install the Secure Socket Layer (SSL) component from the IBM i Access for Windows installation image (If a client service pack has been installed after the original installation, a merged installation image containing the same service pack level will be required to accomplish this task.), you should do the following:

    1. Go to the Windows Control Panel and choose the Add/Remove Programs icon (for Windows 7, this will be called Programs and Features).
    2. Locate the IBM i Access for Windows product from the list, once populated.
    3. Highlight the product, and click Change.
    4. Click Next, then click Modify.
    5. Click Next until the Custom Setup dialogue is displayed.
    6. Locate Secure Sockets Layer in the list and click the drop-down next to it.
    7. ChooseThis feature and all subfeatures will be installed on the local hard drive.
    8. Follow the Wizard to complete the installation.
    9. Stop and restart the PC.

    To verify the Secure Socket Layer component is installed, you should do the following:
    1. Go to IBM i Access for Windows Properties and click on the Secure Sockets tab:

    IBM i Access for Windows Properties dialogue
    2. Click OK.

    • - 2) How To Download the Local Certificate Authority


      Once the Secure Socket Layer component is installed, the Certificate Authority must be downloaded. Please refer to the following steps on how to do this.

      1. Start System i Navigator.
      2. Under My Connections, right-click on the system name or TCP/IP address.
      3. Click on Properties.

      Picture of Access connectin properties
      4. Click on the Secure Sockets tab.

      Picture of Access connectin properties, Secure Sockets details
      5. Click Download. This downloads the Certificate Authority from the IBM i to the PC. When downloading the Certificate Authority, you might be prompted for sign-on information depending, on what the sign-on information is set to and if the user has already connected.

      Picture of prompt for IBMKEYDB password

      The default password for the key management database is ca400 unless it was changed.

      Note: The path for the key management database is different depending on the PC operating system. Once the password is typed, click OK.

      Picture confirming CA Certificate successfully downloaded

      If the Certificate Authority has been download successfully, the message above is issued. If you have problems downloading the Certificate Authority, refer to the iSeries Access for Windows User's Guide for the message and return codes. Once the Certificate Authority is downloaded, iSeries Navigator and PC5250 to use SSL can be configured.

      • - 3) How To Configure System i Navigator To Use SSL

        1. Verify that you are in the Secure Sockets tab in System i Navigator properties:

        Picture of Access Connection Properties SSL Tab and it's details
        2. Click on Use Secure Sockets Layer (SSL) for connection, and click OK:

        Confirmation panel of SSL switch
        3. When the above message is issued, click OK. Then, close and restart System i Navigator:

        Picture of Navigator showing SSL Connection

        There is a padlock next to the system or TCP/IP address you secure; this means you are using Secure Sockets to connect.

        • - 4) How To Configure PC5250 To Use SSL

          1. If you already have configured a previous PC5250 session to use non-SSL, click on Communication/configure. If you do not have a PC5250 session configured, create one using Start/Configure or use the Create Desktop icon wizard:

          Picture of PC5250 configuration details
          2. By default, the port number is 23. Click on Properties:

          Picture of PC5250 Connection details
          3. You can select Use Secured Sockets Layer (SSL) or, if you have iSeries Navigator configured to use SSL, select Use Operations Navigator default. Also notice on the top that you can set the User ID sign-on information for PC5250. Click OK:

          Picture of PC5250 configuration details
          4. Notice the port changed from 23 to port 992. Click OK:

          PC5250 dialog panel asking confirmation
          5. If changing an existing PC5250 session, the message in Step 4 above is issued. If creating a new PC5250 session, the message is not issued. Click OK, and PC5250 will restart:

          Example of PC5250 over SSL

          Notice the padlock is locked, indicating PC5250 is using Secure Sockets to connect.

          For problems connecting iSeries Navigator or PC5250 using Secure Sockets, refer to the iSeries Navigator User's Guide with the message ID and return code.

        Cross reference information
        Segment Product Component Platform Version Edition
        Operating System IBM i 6.1
        Operating System IBM i 7.1

        Historical Number

        631960739

        Document information

        More support for: IBM i
        Access for Windows

        Software version: 6.1, 6.1.0, 7.1, 7.1.0

        Operating system(s): IBM i

        Reference #: N1011018

        Modified date: 29 January 2013


        Translate this page: