[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: HTTPAPI using SSL - any system security implications?
Hi Darrell,
IBM has a Redbook entitled "IBM eServer iSeries Wired Network Security:
OS/400 V5R1 DCM and Cryptographic Enhancements" that does a pretty good
job of explaining these things.
http://www.redbooks.ibm.com/redbooks/pdfs/sg246168.pdf
In particular, see Appendix B for info on how to give authority to the
*SYSTEM certificate store without actually giving users access to the
key files in the IFS.
Darrell Kavanagh wrote:
>
> First of all, many thanks for HTTPAPI - it has greatly simplified my
> project.
>
> I need to retrieve an XML document from a secure server. We have all the
> requirements for SSL set up on our box, and we don't need to install a
> particular certificate or anything like that, so after granting user access
> to the *SYSTEM certificate store, I understand that it should "just work".
>
> However our operations dept is asking about the security implications of
> opening up the *SYSTEM certificate store to users. I don't have quite
> enough knowledge to reassure them. Can anyone help on this?
>
> Am I right in thinking that adopted authority will not work with the
> certificate store ('cos its on the ifs)? Presumably this means that we need
> to grant certificate store access directly to all groups who need the SSL
> functionality?
>
> Many thanks,
>
> Darrell
>
>
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------