Charles Mills wrote:
> Do you "own" the target host? Can you issue your own SSL/TLS server
certificate?
>Because you can issue a certificate for an IP address as well as for a name
(or for both one or two names and one or two addresses). Cute feature: with
a name, you can wildcard the high order n
sday, September 21, 2016 4:49 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z/OS TCP/IP question: name resolution order/override
Paul Gilmartin wrote:
> In the interim, could they just use the IP address?
No, it's an SSL (TLS) connection. N
Easy.
There is a directive to either do DNS first or Local first. Previous
poster LOOKUP. Use local first if you want faster resolution for chatty
DNS apps.. like Websphere.
Convert to COMMONSEARCH to get unix, STC/TSO to resolve the same.
Rob Schramm
On Wed, Sep 21, 2016, 7:07 PM Paul Gilmar
On Wed, 21 Sep 2016 19:06:08 -0500, Paul Gilmartin wrote:
>>
>Someone once told me how to start a ssh client to work as
>a NAT for AT/TLS. Tried it. Sort of worked. Didn't pursue
>it because I didn't need it. And my ssh client was on a laptop
>not subject to enterprise security.
>
Oops. Don'
On Wed, 21 Sep 2016 16:48:37 -0700, Phil Smith wrote:
>Paul Gilmartin wrote:
>> In the interim, could they just use the IP address?
>
>No, it's an SSL (TLS) connection. Need to address by hostname.
>
Someone once told me how to start a ssh client to work as
a NAT for AT/TLS. Tried it. Sort of w
Paul Gilmartin wrote:
> In the interim, could they just use the IP address?
No, it's an SSL (TLS) connection. Need to address by hostname.
> Or choose a friendly nameserver in /etc/resolv.conf?
Hm? The host isn't *in* DNS, or is in wrong. That's the problem.
On 21 September 2016 at 18:40, Phil Smith wrote:
> I had some vague idea that on z/OS, the Resolver can use some or all of:
>
> 1. DNS
>
> 2. Its own configuration data sets, via GLOBALIPNODES statements
>
> 3. /etc/hosts
>
> I just spent some time looking at IBM doc, and what I found
On Wed, 21 Sep 2016 15:40:24 -0700, Phil Smith wrote:
>
>What I'm really looking for is a way for a user-possibly a sysprog-to define
>or override a hostname-to-IP mapping to test something. We keep coming across
>customer systems that don't have a DNS entry for a server that uses SSL (TLS),
>an