Thank you. I think my confusion arose from stumbling around in there and not realizing I was working on ADMIN or ADMIN1.
ADMIN uses 6 steps (and often bypasses some) to secure communications. The others use 10 (and often bypasses some).
I opened a case. I was referred to this excellent chart: https://www.ibm.com/support/pages/node/634929?mhsrc=ibmsearch_a&mhq=634929
They also recommended that I not try to secure ADMIN4 as that is for internal use.
?Starting point? : ADMIN
Navigator for i : ADMIN1
Heritage Navigator : ADMIN2 (should be shut off)
DCM or Digital Certificate Manager : ADMIN3
IBM internal use : ADMIN4 : Do NOT secure!
ARE? and testing webserver services? : ADMIN5
------------------------------
Robert Berendt IBMChampion
------------------------------
Original Message:
Sent: Tue February 20, 2024 03:16 AM
From: Tim Rowe
Subject: "Best Practices" port for TLS version of Navigator for i?
Rob, the 2010 port.. that is the secure port for the HTTP Apache Admin server. If you come in with that, you are then redirected to the actual Admin1 application server where the Navigator is actually running. You have options... if you want to only open the 2010 to the outside... the re-route happens on Local host... OR, you can enable the 2003 which is the secure port for the Admin1 server. Access that directly. Here is a better link for making sure you have everything set for TLS with Navigator. https://www.ibm.com/support/pages/node/6483573
Tim
------------------------------
Tim Rowe
Original Message:
Sent: Mon February 19, 2024 02:21 PM
From: Robert Berendt
Subject: "Best Practices" port for TLS version of Navigator for i?
Going to start using the TLS version of Navigator for i. Same function, just secured.
Some IBM documentation favors port 2010, some favors 2003.
What is the general consensus on this?
------------------------------
Robert Berendt IBMChampion
------------------------------