Author Topic: Getting SSL working on client side - what's the secret?  (Read 2469 times)

kurtschwanz

  • Jr. Member
  • **
  • Posts: 11
    • View Profile
Getting SSL working on client side - what's the secret?
« on: June 07, 2019, 12:55:44 PM »
We're trying to enable SSL for CMOD.  We've gotten the server successfully running and I can see arssockd listening on the SSL port we specified.   Not having as much luck on the client side.   I  have tried every permutation of ports (secure, unsecure, 0) and checking the "Use Secure Sockets layer" option.   I've confirmed the client .kdb and .sth file are in the client's config subfolder.   Nothing works....so what am I missing?   

this is V10.1 client

Also, changed the Host Name in the client from "myserver" to FQDN "myserver.mydomain.com" and really thought that was going to be the magic bullet -- but still no dice. 

Anyone have any suggestions?

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1199
    • View Profile
Re: Getting SSL working on client side - what's the secret?
« Reply #1 on: June 07, 2019, 02:15:03 PM »
Kurt - in this thread is what I had to do on the client side to get SSL working (and on the server side for z/OS).

http://www.odusergroup.org/forums/index.php?topic=1938.0

Ed
#zOS #ODF

kurtschwanz

  • Jr. Member
  • **
  • Posts: 11
    • View Profile
Re: Getting SSL working on client side - what's the secret?
« Reply #2 on: June 10, 2019, 12:13:55 PM »
Hey Ed - thanks.   Am I correct in thinking you imported your server's cert to the client's keydb? 

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1199
    • View Profile
Re: Getting SSL working on client side - what's the secret?
« Reply #3 on: June 11, 2019, 01:31:22 PM »
Hey Ed - thanks.   Am I correct in thinking you imported your server's cert to the client's keydb?

Yes.

Don't ask me too much about certificates.  What's in that procedure is about all I know.   ;D

Ed
#zOS #ODF

kurtschwanz

  • Jr. Member
  • **
  • Posts: 11
    • View Profile
Re: Getting SSL working on client side - what's the secret?
« Reply #4 on: June 12, 2019, 12:22:22 PM »
No luck with that.   It would be really really nice if the client had some kind of log to help troubleshoot.

Greg Ira

  • Full Member
  • ***
  • Posts: 240
    • View Profile
Re: Getting SSL working on client side - what's the secret?
« Reply #5 on: June 13, 2019, 05:20:38 AM »
You can run a trace from the server side and try to connect.  I was able to see from a server trace that the client certificate was bad.  It should give you some clue as to where the process is failing.  If you don't see any error/denial messages in the trace double check that you have all the parms set correctly.
This was a sample of what I saw in the server trace:

04/01/2016 12:02:25:282769 ERROR SYS15104.T182903.RA000.ARNSOCK.SRCCMS.H01(ARNSOCK)(4716)ArcSOCKET_ServerEstablish:socket_init ssl_rc=428 ssl_str=Key entry does not contain a private key

yousuf_gani

  • Jr. Member
  • **
  • Posts: 65
    • View Profile
Re: Getting SSL working on client side - what's the secret?
« Reply #6 on: September 18, 2019, 06:05:38 AM »
Hi Ira / All,
Rechecking this post as my problem is similar to the problem stated above

Could you please help what is the trace parameter In Server side to be setup, to have the Clinet Connection details.
AS my current Server side trace parm as follows
[TRACE]
COMPONENT_LEVEL=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
#TRACE_LEVELS=CMD=15,TSM=15
TRACE_LEVELS=ALL=15
TRACE_FILE=<filename>
TRACE_FORMAT=TEXT
APPEND=0


Doesn't interpret an Client Connection problem in my server trace file.

Our problem is
We use OD V9.5 server and Client.
OD Window Client is with SSL certificate and OD Server also with  SSL enbaled.
OD client connects properly via the normal non-SSL port, but using the SSL enabled in Client using SSL port the connection cant be established.
No error in the System Log /In the trace to check if the client Certificate is correct / wrong.

Please help

thanks & regards
Mohd Yousuf