Additional items to consider is a SHARE presentation on SSL which was very good. And the RACF Security Administration manual does a nice job of laying out different scenerios and the needed commands.
You might consider (if the client supports it) just auto-accepting the certificate. Some other things to consider start if you have multiple security databases that are effectively "in synch". You can choose to store the cert in ICSF or in RACF/ACF2/Top Secret/Deadbolt. However, getting the private key back out is troublesome (I think support is coming for this function) if ICSF is used. We are a Top Secret shop with multiple databases. So, I had to think about what I was doing before I started. 0) add a keyring to tn3270 1) generate a cert for tn3270 (to get a private key) 2) generate a cert request for tn3270 2.5) use verisign or internal CA 3) get cert back and import it (don't forget to TRUST it) (may need CA cert too) 4) assign/connect it to the tn3270 keyring 5) export it (with everything) 6) import it at second site -Rob Schramm <snippage> This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
