To enable SSL in Easycom you need to create an application and assign a certificate to it. The application ID must be equal to Easycom. The certificate must have been issued by a CA that will be accepted by the client.
To create the application, you will need to use the Digital Certificate Manager (DCM) of the AS/400.
Exactly the same configuration is required to enable SSL connection with Telnet (apart for client part).
Here are the required steps for the server configuration:
• First, connect to the DCM using a web browser, with http://my_iseries:2001 and then click on "Digital Certificate manager" (a tip says that it is for creating and managing digital certificates).
If this doesn’t work, you will need to enable it using iSeries navigator.
• Then, click on "Select a Certificate Store", and select "*SYSTEM", then click "continue". This will prompt you to enter the password for the certificate store.
• Then select "manage applications" on the left menu and click on "Add application". Then select "Server", and click "continue".
Enter "EASYCOM" for the application ID. This is the key that will be used by Easycom. Enter a description and validate.
• Now we need to assign a certificate to the application. This is a required step: the certificate is used to ensure that the server can be trusted and for encryption. There are two options for that :
1. You can generate the certificate using the AS/400 CA (Certificate of Authority). In this case the CA certificate will need to be installed on the client (first, export the CA certificate using the export menu).
2. You can request a certificate from a trust 3rd party CA. In this case you will need to import it into the *SYSTEM certificate store using the "import" menu.
To assign the certificate, click on "Manage Application", and then "Update certificate assignment". Choose "Server" and click "continue". You will see the current assignment ("none assigned") for the application.
Select the ‘Easycom’ entry that you have created and click on ‘Update Certificate Assignment’. Select the appropriate certificate and click on ‘Assign New Certificate’.
Now click on "Validate": this will check that the certificate is valid for the system.
• Finally, configure Easycom server to use SSL using CFGEAC:
CHGCURLIB EASYCOM
CFGEAC LIB(EASYCOM) SSL(*ON)
• Then you need to restart EASYCOMD with the following command:
STREACD PORT(*JOBD) RESTART(*YES)
• Then try a connection from a client using SSL. You can use the Easycom Configuration tool for that.
• You can check the options using the following command:
DSPMSG EASYCOM/EACMSGQ
This will show:
EASYCOMD:Starting from library EASYCOM, Version 3.00.03, (Nov 10 2008
11:15:49/OS530).
EASYCOMD:EASYCOM - (c)AURA Equipments - http://www.easycom-aura.com
------------------------------------- Lib=
;Pwd=SSL support
EASYCOMD:Configuration used for Library EASYCOM is Dq=
SSL=On
In case of problem, the errors will appear here. Note: this does not ensure that the connection is in SSL, but only that SSL will be accepted.
To know if SSL is used during a connection, use EACLOG002 exit program. You usually also can check it in the client application.
Easycom Configuration tool is showing SSL status on the connection test page.
To check it for an active job, look at the call stack of the job. To do this, use WRKACTJOB command, then option 5, and then option 11. If you see "SSL_Read" in the stack, this means that the connection is using SSL.