Secure socket connections in CMS can be configured to request and validate a user certificate.
But that’s not Don’s issue. CMS doesn’t provide any function to map a user certificate to a local identity (VM user ID). Regards, Alan Alan Altmark Senior z/VM Engineer and Consultant IBM Infrastructure Endicott, NY USA > On Jun 15, 2025, at 10:22 AM, Jack Woehr <[email protected]> wrote: > The concept of "client certificate" is baked into the modern web. > I guess you're saying VM doesn't support this natively? > >> On 6/15/25 01:05, Rob van der Heij wrote: >> It is obviously possible to exchange a certificate once the SSL connection >> is ready, as part of some home-grown protocol. Your client would need hold >> that signed certificate and present it to the server. You might be able to >> reuse some logic from GETSHOPZ where we do digital signature verification. >> The client would have their signed credentials on file, but it's not >> something like a password that could be used for other authentication. The >> server side would not need to validate a password but only decode the >> certificate that you signed. >> >> Rob >> >>> On Sun, Jun 15, 2025, 01:49 Donald Russell <[email protected]> wrote: >>> Thanks Jack, >>> No, I don’t want any sort of api/gateway/proxy thing. I was just asking if >>> some sort of certificate sign-in was practical. >>>> On Sat, Jun 14, 2025 at 10:31 Jack Woehr <[email protected]> wrote: >>>> On 6/14/25 08:02, Donald Russell wrote: >>>>> If I have a (z)cms pipe application using tcplisten, how can I make >>> sure >>>>> the in/outgoing traffic is encrypted? >>>> Can you put the connection behind some kind of API gateway? >>>> Jack Woehr # “A learning experience is one of those things >>>> IBM Champion 2021-2025 # that says, 'You know that thing you just did? >>>> http://www.softwoehr.com # Don't do that.'” ― Douglas Adams > > -- > Jack Woehr # “A learning experience is one of those things > IBM Champion 2021-2025 # that says, 'You know that thing you just did? > http://www.softwoehr.com # Don't do that.'” ― Douglas Adams
