• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • OS/400 Alert: SSL Certificates

    February 11, 2004 Shannon O'Donnell

    If your shop is one of the thousands using digital certificates to enable secure transactions between your iSeries and users’ browsers, you may have recently experienced a problem with disabled certificate authorities. If not, chances are you will soon. Read on for more details. Also included in this issue is a list of a few of IBM’s recommended fixes for OS/400 licensed programs.

    VERISIGN EXPIRES CERTIFICATE AUTHORITIES

    On January 7, Verisign, a major worldwide provider of digital certificates, experienced a sudden surge in demand for verification of its clients’ certificate authorities. This check is performed by connecting to Verisign’s certificate revocation list (CRL) Web site, at crl.verisign.com. The CRL is a file that confirms a certificate authority’s status, identifying whether a particular certificate authority is valid. When the client HTTP servers were unable to connect to the CRL Web site, the certificate authority on the client system was flagged as expired. When the client system was finally able to connect to the site, several hours later, the certificate authority was also marked as expired since January 7.

    Not all servers were affected immediately. That’s because, at least for OS/400 HTTP servers, the certificate authority is not generally validated unless the HTTP server itself is restarted, via an IPL or through a specific command to do so. And since many OS/400 shops don’t IPL except for scheduled maintenance, they have not yet experienced the failing of their certificate authority.

    If your shop uses the Versign Class 3 certificate authority to process SSL digital certificates, and you have not IPL’d or otherwise restarted your HTTP server since before January 7, you should be aware that at some point you will need to take corrective action. This will entail deleting the current Verisign Class 3 certificate authority and an intermediate certificate authority you have installed on your OS/400 Server, and then downloading and installing the updated certificate authority and intermediate certificate authority from Verisign. For complete details, and for the location of the new, valid certificate authority from Verisign, go to the company’s Web site.

    IBM’S RECOMMENDED FIX OF THE WEEK

    IBM‘s recommended fix for V5R2 TCP/IP can be found on the Recommended Fixes Web site.

    Recommended fixes are available for the V5R2 Telnet server.

    Recommended fixes are available for Client Access.

    Recommended fixes are available for AS/400 NetServer.

    Recommended fixes are available for WebSphere Express 5.0.

    THIS WEEK’S NASTY WINDOWS WORRIES

    W32.HLLW.Deadhat is an interesting worm. It appears to be helping you by uninstalling the MyDoom virus, but then it actually installs a new virus and spreads that to all other computers on your network. Nasty.

    Backdoor.OptixPro.13.C is a Trojan horse that gives a remote hacker full access to your computer over port 4001.

    W32.Mimail.T@mm is another mass-mailing worm. Like most worms of this type, it attempts to mail itself to anyone found in your Outlook address book.

    W32.HLLW.Gaobot.JB is a virus that attempts to spread itself to any network shares you may have mapped on your PC. Once again, a warning: Although it can’t be directly affected by viruses like these, the AS/400 Integrated File System can act as a repository for them.

    VBS.Shania is another backdoor Trojan horse virus that allows access to your computer via Port 2414.

    PTF’S AND FIXES FOR OS/400 AND RELATED PROGRAMS

    IBM’s latest cumulative package for V5R2 customers came out January 21.

    The latest HIPER package was released January 20, so you’ll want to grab this one if you’re not current.

    The Database Group PTF was updated January 26.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Raz-Lee Security

    iSecurity Multi Factor Authentication (MFA) helps organizations meet compliance standards and improve the existing security environment on IBM i. It requires a user to verify his identity with two or more credentials.

    Key Features:

    • iSecurity provides Multi Factor Authentication as part of the user’s initial program
    • Works with every Authenticator App available in the Market.

    Contact us at https://www.razlee.com/isecurity-multi-factor-authentication/

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    AmNet Ditches Intel Server Farm for iSeries Scalability IBM to iSeries Resellers: Learn New Skills or Be Left Behind

    Leave a Reply Cancel reply

Volume 4, Number 4 -- February 11, 2004
THIS ISSUE
SPONSORED BY:

T.L. Ashford
Profound Logic Software
Client Server Development
WorksRight Sofware
Bug Busters Software Engineering

Table of Contents

  • What You Should Know About Activation Groups
  • Soft-Coded Report Distribution
  • Dealing with Divided Date Fields
  • The Better Way to Delete Physical Files
  • OS/400 Alert: SSL Certificates

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Unattended IBM i Operations Continue Upward Climb
  • VS Code Is The Full Stack IDE For IBM i
  • Domino Runs on IBM i 7.5, But HCL Still Working on Power10
  • Four Hundred Monitor, March 6
  • IBM i PTF Guide, Volume 25, Number 11
  • You Ought To Be Committed
  • Thoroughly Modern: What You Need to Know About IBM i Security
  • Spring Brings Events To IBM i Community, And More
  • As I See It: AI-AI-O
  • IBM i PTF Guide, Volume 25, Number 10

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2023 IT Jungle