On 31/03/2017 6:48 AM, Mark Pace wrote:
Also note that one of the hard parts of SSL with PCOMM is self-signed
certs. You need to send a copy of the public key to each user of PCOMM and
import the certificate. If you're using a better TN3270 client, like Vista
TN3270, you won't have this problem. At least that what I remember when I
wandered down that rabbit hole about 5 years ago.
The better way to do this is with a properly signed certificate. You can
even get certificates free through Lets Encrypt (although that has its
own controversies). The main problem is a severe lack of documentation
on how to install a real certificate vs. creating your own CA and
signing your own.
I'm not sure that I would describe a client that doesn't have the
problem as "better" since it means that the client is not defending
itself against man-in-the-middle attacks (though I do use and like Vista
myself).
--
Andrew Rowley
Black Hill Software
+61 413 302 386
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
