Also note that one of the hard parts of SSL with PCOMM is self-signed certs. You need to send a copy of the public key to each user of PCOMM and import the certificate. If you're using a better TN3270 client, like Vista TN3270, you won't have this problem. At least that what I remember when I wandered down that rabbit hole about 5 years ago.
On Tue, Mar 21, 2017 at 8:09 PM, Tom Brennan <[email protected]> wrote: > I created a couple of SSL setup examples (RACF and USS) that worked for me > a few years back. With these instructions I was able to setup SSL > encryption using self-signed certificates (i.e. no paid-for certificates > that your site may require), but without any host or client authentication. > > Later I did figure out how to setup host and client authentication, and in > my tests for that I used the same self-signed certificate as for > encryption. But in my experience, I'd say most people aren't using > authentication and just want encryption. Or maybe they just *think* they > are being authenticated once they get encrypted. Uh oh... > > Anyway, here are some notes. Use them if you can, or throw them away > where they probably belong: > > http://www.mildredbrennan.com/mvs/setting_up_the_tn3270_star > ted_task_for_ssl.docx > > Tom > > > saurabh khandelwal wrote: > >> Yes, I m referring to IBM pcom . For secure two session we would like to >> use 992 port. >> I did google it for archived data but couldn't find steps to implement >> this >> new change in the system >> >> >> >> >> On 20-Mar-2017 3:17 PM, "Elardus Engelbrecht" < >> [email protected]> wrote: >> >> saurabh khandelwal wrote: >> >> >> We have requirement to enable SSL for two access with ibm PCOOM emulator >>> >> >> >> Are you referring to IBM PCOM emulater? Just checking about your spelling. >> >> >> >> with port 992 for secure connection. >>> >> >> >> It depends on what your TCP/IP staff is using that port or any other port >> for TSO logon. >> >> >> >> I tried looking at document and rebook but didn't find any implementation >>> >> >> steps. >> >> Really? There are many books and discussion lists sitting worldwide about >> this topic. Did you asked Mr. G. O. Ogle (Google) for it? >> >> >> >> Can anybody help to make this setup work. >>> >> >> >> Ask your TELNET server staff for assistance. Also ask your RACF staff for >> assistance for setting up a Digital Certificate for TELNET server. >> >> Just ensure you have a default TELNET non-SSL port in case you can't login >> in the first place. >> >> Good luck, this is a major project. (I and my colleagues have been there >> and it was quite a journey, trust me.) >> >> Groete / Greetings >> Elardus Engelbrecht >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> >> >> > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
