IBM i Global

 View Only
Expand all | Collapse all

"Best Practices" port for TLS version of Navigator for i?

  • 1.  "Best Practices" port for TLS version of Navigator for i?

    IBM Champion
    Posted Mon February 19, 2024 02:21 PM

    Going to start using the TLS version of Navigator for i.  Same function, just secured.  

    Some IBM documentation favors port 2010, some favors 2003.
    What is the general consensus on this?


    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------


  • 2.  RE: "Best Practices" port for TLS version of Navigator for i?

    Posted Tue February 20, 2024 03:16 AM

    Rob, the 2010 port.. that is the secure port for the HTTP Apache Admin server.  If you come in with that, you are then redirected to the actual Admin1 application server where the Navigator is actually running.  You have options... if you want to only open the 2010 to the outside... the re-route happens on Local host... OR, you can enable the 2003 which is the secure port for the Admin1 server.  Access that directly.   Here is a better link for making sure you have everything set for TLS with Navigator. https://www.ibm.com/support/pages/node/6483573   

    Tim



    ------------------------------
    Tim Rowe
    ------------------------------



  • 3.  RE: "Best Practices" port for TLS version of Navigator for i?

    IBM Champion
    Posted Tue February 20, 2024 09:37 AM

    Thank you.  I think my confusion arose from stumbling around in there and not realizing I was working on ADMIN or ADMIN1.

    ADMIN uses 6 steps (and often bypasses some) to secure communications.  The others use 10 (and often bypasses some).

    I opened a case.  I was referred to this excellent chart:  https://www.ibm.com/support/pages/node/634929?mhsrc=ibmsearch_a&mhq=634929

    They also recommended that I not try to secure ADMIN4 as that is for internal use.

    ?Starting point? : ADMIN
    Navigator for i : ADMIN1
    Heritage Navigator : ADMIN2 (should be shut off)
    DCM or Digital Certificate Manager : ADMIN3
    IBM internal use : ADMIN4 : Do NOT secure!
    ARE? and testing webserver services? : ADMIN5



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 4.  RE: "Best Practices" port for TLS version of Navigator for i?

    Posted Wed February 21, 2024 10:04 AM
    Edited by Michael Mayer Wed February 21, 2024 10:09 AM



  • 5.  RE: "Best Practices" port for TLS version of Navigator for i?

    Posted Wed February 21, 2024 10:21 AM

    Tim supplied this site:

    IBM Navigator for i - TLS Encryption

    On my site, the IBM i References Pages Blog The IBM i Reference Pages Blog

    On the "Tips by Category" page: IBM i Helpful Tips by Category

    I have this link:

    Enabling TLS for IBM Navigator for i

    2 pages with similar titles. 

    Ibm remove preview
    Enabling TLS for IBM Navigator for i
    Navigator for i does not come enabled for TLS by default. Both Heritage Navigator for i and Navigator for i can be enabled for TLS using the same steps.
    View this on Ibm >

    Ibmireference remove preview
    IBM i Helpful Tips by Category
    IBM i Helpful Tips
    View this on Ibmireference >

    Ibmireference remove preview
    The IBM i Reference Pages Blog
    IBM i Reference
    View this on Ibmireference >



    ------------------------------
    Michael Mayer
    IBM i on Power System Admin
    ERMCO-ECI
    Dyersburg, Tennessee 38024
    731.676.4318
    Blog: https://ibmireference.blogspot.com
    ------------------------------