On Wednesday, 05/21/2008 at 09:03 EDT, "Huegel, Thomas"
<[EMAIL PROTECTED]> wrote:
> I am talking the latter. z/VM's TN3270 server protected by z/VM's
SSLSERV
> z/LINUX.
> Some auditor thinks I need to encrypt my TN3270 sessions.

If your customer has a security policy that says "No passwords in
cleartext on the network", or the moral equivalent, then the auditor is
correct.

We have customers getting their certs from Thawte and Verisign.  You
mention that you have "errors", but you don't elaborate on the process you
used and the errors you got.

Getting your cert a non-standard source (including self-signed) inevitably
creates a problem with the client.  If it is self-signed, then all clients
must have the cert also installed on their own workstation.   If it is
signed by a non-standard source (e.g. local CA), then the non-standard CA
cert must be installed on each workstation.

Use the SSLADMIN command to display the certificate database and you will
see what CA certs are in there.

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to