Starting a Personal Communications SSL session fails to connect on Windows with multiple users
A second Windows user cannot establish an SSL session using an IBM Personal Communications configuration that works for the first Windows user.
User "A" logs on to Windows and runs the Certificate Management utility to add a certificate to the PCommClientKeyDb for use by the IBM Global Security Kit package. The password to the key database is stashed.
User "B" logs on to Windows and tries to use the same key database for secure telnet sessions, and they fail to connect. The second user has to run the Certificate Management utility and repeat the steps taken by user "A" to get this working.
The IBM Global Security Kit (GSKit) utility sets special access control on the stash file (.STH) so that it is accessible only to its owner (the user who created it). When IBM Personal Communications is installed using the "All Users" or "Classic Private" application data option, there is only one copy of the PCommClientKeyDb files used by the emulator, so every other user shares a stash file that only its creator can open.
Resolving the problem
There are 2 ways to change the access control:
- Use the cacls command from a command window.
  - Navigate to the Application Data folder (where the .STH file is present).
  - Enter the following command, where USER is the username: cacls PCommClientKeyDb.sth /E /G USER:F
- Use Windows Explorer.
  - Open Explorer and navigate to the directory that includes PCommClientKeyDb.sth.
  - Right-click PCommClientKeyDb.sth and select Properties.
  - Move to the Security tab and click Add (click Edit on Microsoft Windows 7).
  - Enter <computername>\<username> and press OK.
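
The cacls method above, as an added PowerShell example (not IBM's code): it applies the same grant for a list of users, confirms each resulting access rule by SID, and warns if a group-wide principal ends up with access to the stash file. The parameter names, the helper function name and any account names you pass are assumptions; supply the real path to PCommClientKeyDb.sth.

```powershell
# Added example, not part of the technote. Parameter and function names are hypothetical.
param(
    [Parameter(Mandatory)] [string]   $StashFile,  # full path to PCommClientKeyDb.sth
    [Parameter(Mandatory)] [string[]] $Users       # accounts as <computername>\<username>
)
$ErrorActionPreference = 'Stop'   # an unresolvable account name aborts before any change
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-StashRules([string]$Path) {
    # Explicit and inherited ACEs, with identities returned as SIDs so that
    # comparisons do not depend on name format or display language.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
}

if (-not (Test-Path -LiteralPath $StashFile -PathType Leaf)) {
    throw "Stash file not found: $StashFile"
}
"Owner of stash file: $((Get-Acl -LiteralPath $StashFile).Owner)"

foreach ($user in $Users) {
    # Resolve the name first so a typo fails here rather than inside cacls.
    $sid = ([System.Security.Principal.NTAccount]$user).Translate($sidType)

    # Same command as in the technote: /E edits the existing ACL, /G grants, F = full control.
    & cacls.exe $StashFile /E /G "${user}:F" | Out-Null

    # Confirm the grant by reading the ACL back instead of trusting the exit code.
    $granted = Get-StashRules $StashFile | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $sid.Value
    }
    if ($granted) {
        "OK: $user -> $($granted.FileSystemRights -join ', ')"
    } else {
        Write-Warning "No Allow rule found for $user after running cacls"
    }
}

# The stash file holds the stashed key database password, so report any
# group-wide principal that has been given access (well-known SIDs).
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
Get-StashRules $StashFile |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $broad.ContainsKey($_.IdentityReference.Value) } |
    ForEach-Object {
        Write-Warning "$($broad[$_.IdentityReference.Value]) has $($_.FileSystemRights) on the stash file"
    }
```

Run it from an account that is allowed to change permissions on the file, such as the user who created the stash file.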