IBM eServer iSeries Wired Network Security: OS/400 V5R1 DCM and Cryptographic Enhancements
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
With the increasing number of customers that conduct business over the Internet or other untrusted networks, there is a rising demand to protect data traffic. This IBM Redbooks publication focuses on the network security enhancements that are introduced with OS/400 Version 5 Release 1. You learn how to implement and use the new object signing capabilities, so Business Partners and customers can distribute objects over an untrusted network while assuring their integrity. You are guided through the redesigned Digital Certificate Manager (DCM) with its new functions, such as Certificate Revocation List processing.
For the e-commerce world, availability, security, and performance are critical to business. This book introduces the new 4758 Cryptographic Coprocessor support, which helps improve SSL performance and security. It takes you through the cryptographic coprocessor configuration and explains how to use it by DCM.
This book introduces the new Global Secure Toolkit (GSKit) APIs that provide better functions and more flexibility when writing SSL Sockets applications. You’ll find sample code written in ILE RPG to introduce these new APIs.
This is the first publication to provide complete information about the supported encryption and authentication algorithms and key lengths. It shows how to control your Web server to accept certain ciphers for a secure connection using the new SSL directives.
Chapter 1. Introduction
Chapter 2. Digital Certificate Manager
Chapter 3. Object Signing
Chapter 4. Using hardware cryptography support for SSL/TLS
Chapter 5. Securing OS/400 application traffic with SSL/TLS
Chapter 6. Using SSL in ILE RPG sockets applications
Chapter 7. Ciphers and cryptographic product considerations
Appendix A. 4758 cryptographic coprocessor hardware commands
Appendix B. Granting access to the *SYSTEM certificate store
Appendix C. Enabling SSL for the ADMIN server instance
Appendix D. Creating a local Certificate Authority
Appendix E. Certificate import/export interoperability tests
Appendix F. Publishing a CRL to an OS/400 LDAP server
Appendix G. Using the additional material