On Thu, 13 Sep 2007 15:16:25 -0500, Thomas Kern <[EMAIL PROTECTED]> wrote:
>I have used SSLSERV to transparently protect HTTP, FTP and POP servers. The >applications in each of those servers know nothing about the protection that >surrounds them. All were using the same certificate as the TN3270 service. I >think I could have generated separate certificate requests and certificates >for each service if my bosses had wanted to pay for them. In the TCPIP >PROFILE, I just added the 'SECURE certname' to each port definition in t hw >same manner as adding to INTCLIENT for TN3270 support. A query from an >OpenSSL command on a linux/x86 system to each of the protected ports returns >the same certificate. > >/Tom Kern >/U.S. Department of Energy >/301-903-2211 Thanks! But of course, I do want my web server to know something about what the protection is, and in some cases we want the client certificate inforamtion. >If you define port 443 (https) as SECURE in PROFILE TCPIP, then you can >use the SSL server certificates. The trick is to get z/Web to listen on >80 and 443 at the same time, treating 443 exactly as it does 80. All >encryption would be handled by the SSL server. I will try that. >But, no, there's no way to share the SSL server's certificate database >with other guests. I don't want to share the database, I just want to put the same certificate into 2 different databases. But I don't think it can be done. (I have also asked Illustro.)
