IBM i Global

Going to start using the TLS version of Navigator for i.  Same function, just secured.  

------------------------------
Robert Berendt IBMChampion
------------------------------

Rob, the 2010 port.. that is the secure port for the HTTP Apache Admin server.  If you come in with that, you are then redirected to the actual Admin1 application server where the Navigator is actually running.  You have options... if you want to only open the 2010 to the outside... the re-route happens on Local host... OR, you can enable the 2003 which is the secure port for the Admin1 server.  Access that directly.   Here is a better link for making sure you have everything set for TLS with Navigator. https://www.ibm.com/support/pages/node/6483573   

Tim

------------------------------
Tim Rowe
------------------------------

Original Message:
Sent: Mon February 19, 2024 02:21 PM
From: Robert Berendt
Subject: "Best Practices" port for TLS version of Navigator for i?

Going to start using the TLS version of Navigator for i.  Same function, just secured.  

Some IBM documentation favors port 2010, some favors 2003.

What is the general consensus on this?

https://www.ibm.com/support/pages/enabling-tls-ibm-navigator-i
https://www.ibm.com/support/pages/node/635463

------------------------------
Robert Berendt IBMChampion
------------------------------

Thank you.  I think my confusion arose from stumbling around in there and not realizing I was working on ADMIN or ADMIN1.

ADMIN uses 6 steps (and often bypasses some) to secure communications.  The others use 10 (and often bypasses some).

I opened a case.  I was referred to this excellent chart:  https://www.ibm.com/support/pages/node/634929?mhsrc=ibmsearch_a&mhq=634929

They also recommended that I not try to secure ADMIN4 as that is for internal use.

?Starting point? : ADMIN
Navigator for i : ADMIN1
Heritage Navigator : ADMIN2 (should be shut off)
DCM or Digital Certificate Manager : ADMIN3
IBM internal use : ADMIN4 : Do NOT secure!
ARE? and testing webserver services? : ADMIN5

------------------------------
Robert Berendt IBMChampion
------------------------------

Original Message:
Sent: Tue February 20, 2024 03:16 AM
From: Tim Rowe
Subject: "Best Practices" port for TLS version of Navigator for i?

Rob, the 2010 port.. that is the secure port for the HTTP Apache Admin server.  If you come in with that, you are then redirected to the actual Admin1 application server where the Navigator is actually running.  You have options... if you want to only open the 2010 to the outside... the re-route happens on Local host... OR, you can enable the 2003 which is the secure port for the Admin1 server.  Access that directly.   Here is a better link for making sure you have everything set for TLS with Navigator. https://www.ibm.com/support/pages/node/6483573   

Tim

------------------------------
Tim Rowe

Original Message:
Sent: Mon February 19, 2024 02:21 PM
From: Robert Berendt
Subject: "Best Practices" port for TLS version of Navigator for i?

Going to start using the TLS version of Navigator for i.  Same function, just secured.  

Some IBM documentation favors port 2010, some favors 2003.

What is the general consensus on this?

https://www.ibm.com/support/pages/enabling-tls-ibm-navigator-i
https://www.ibm.com/support/pages/node/635463

------------------------------
Robert Berendt IBMChampion
------------------------------

Tim supplied this site:

IBM Navigator for i - TLS Encryption

On my site, the IBM i References Pages Blog The IBM i Reference Pages Blog

On the "Tips by Category" page: IBM i Helpful Tips by Category

I have this link:

Enabling TLS for IBM Navigator for i

2 pages with similar titles. 

Ibm		remove preview
Enabling TLS for IBM Navigator for i Navigator for i does not come enabled for TLS by default. Both Heritage Navigator for i and Navigator for i can be enabled for TLS using the same steps. View this on Ibm >

Ibmireference		remove preview
IBM i Helpful Tips by Category IBM i Helpful Tips View this on Ibmireference >

Ibmireference		remove preview
The IBM i Reference Pages Blog IBM i Reference View this on Ibmireference >

------------------------------
Michael Mayer
IBM i on Power System Admin
ERMCO-ECI
Dyersburg, Tennessee 38024
731.676.4318
Blog: https://ibmireference.blogspot.com
------------------------------

Original Message:
Sent: Tue February 20, 2024 03:16 AM
From: Tim Rowe
Subject: "Best Practices" port for TLS version of Navigator for i?

Rob, the 2010 port.. that is the secure port for the HTTP Apache Admin server.  If you come in with that, you are then redirected to the actual Admin1 application server where the Navigator is actually running.  You have options... if you want to only open the 2010 to the outside... the re-route happens on Local host... OR, you can enable the 2003 which is the secure port for the Admin1 server.  Access that directly.   Here is a better link for making sure you have everything set for TLS with Navigator. https://www.ibm.com/support/pages/node/6483573   

Tim

------------------------------
Tim Rowe

Original Message:
Sent: Mon February 19, 2024 02:21 PM
From: Robert Berendt
Subject: "Best Practices" port for TLS version of Navigator for i?

Going to start using the TLS version of Navigator for i.  Same function, just secured.  

Some IBM documentation favors port 2010, some favors 2003.

What is the general consensus on this?

https://www.ibm.com/support/pages/enabling-tls-ibm-navigator-i
https://www.ibm.com/support/pages/node/635463

------------------------------
Robert Berendt IBMChampion
------------------------------