IBM Software Technical Document
Document Number: 519611543
____________________________________________________________
Functional Area: AS/400 Mail
Subfunctional Area: SMTP
Sub-Subfunctional Area: General
___________________________________________________________
|
Product: |
I5/OS
(5761SS1TC) |
|
OS/400 Release: |
6.1; 6.1.1; 7.1; V6R1M0; V6R1M1; V7R1M0 |
|
Product Release: |
N/A |
|
Classification: |
Entitled/Advanced |
|
Status: |
Available |
|
Date First Made Available |
06/04/2009 |
|
Keywords: |
SMTP |
|
Tasks: |
Use |
|
Document Topics: |
Documentation-191 |
____________________________________________________________
Document Title:
Configuring
SMTP Authentication
|
Abstract |
This document
explains how to configure native SMTP client authentication.
Document
Description:
Before
starting with configuring SMTP for authentication, a digital certificate must
be installed in DCM. For an overview of DCM and digital certificates,
refer to:
o
Rochester Support Center knowledgebase document 416096345, Digital Certificate Manager, Getting Started: Link
o
Redbooks iSeries Wired Network Security at
the following URL: http://www.redbooks.ibm.com/redbooks/SG246168.html
Part 1:
Assigning a Digital Certificate to the SMTP Client
1. From
the main IBM Systems Director Navigator for i5, click on the i5/OS tasks page
and select Digital Certificate Manager:
2. Sign
into the *SYSTEM Store and click Fast Path from the left panel;
then select Work with client applications:
3. Select
i5/OS TCP/IP SMTP Client and click the Work with Application
button:
4. Click
the Update Certificate Assignment button:
5. Select
a valid certificate from the list and click the Assign New Certificate.
Note: If you do not see a
certificate in the list, refer to the documents above on how to create a new
certificate:
6. Make sure
that you have trusted the CA that signed the SMTP server side certificate.
Certificate Authority (CA) certificates in the application trust list:
|
LOCAL_CERTIFICATE_AUTHORITY_10B233A2(3) |
|
LOCAL_CERTIFICATE_AUTHORITY_10B233A2(2) |
|
LOCAL_CERTIFICATE_AUTHORITY_10B233A2(1) |
|
GeoTrust Global CA |
|
GeoTrust True Credentials CA 2 |
|
Equifax Secure Certificate Authority |
|
Equifax Secure eBusiness CA-1 |
|
Equifax Secure eBusiness CA-2 |
|
Equifax Secure Global eBusiness CA-1 |
|
Microsoft Root Authority |
|
Thawte Personal Premium CA |
|
Thawte Personal Freemail CA |
|
Thawte Personal Basic CA |
|
Thawte Premium Server CA |
|
VeriSign Class 3 CA Individual Subscriber-Persona Not Validated |
|
Verisign Class 1 Public Primary Certification Authority |
|
Verisign Class 2 Public Primary Certification Authority |
Part 2:
Authentication
1. Open
i5/OS Navigator and go to Network>Servers>TCP/IP. Right
click on SMTP and select Properties:
2. From
the General tab, add the name of the mail hub that the i5 will authenticate to.
The command line equivalent is as follows:
CHGSMTPA
FWDHUBSVR(MAILHUB)
3. From
the Authentication tab, select Require TLS/SSL and authenticate only the
relay radial button:
This is not required for client authentication; this is for Server
authentication.
4. In the
Logon information for relay server, click the Add button and add the
host name for the mailhub, user name, and password that is used to authenticate
to that mailhub. The command line equivalent is as follows:
ADDSMTPLE
TYPE(*HOSTAUTH) HOSTNAME(MAILHUB) USERNAME(kswan) PASSWORD()
5. Once
this is all completed, restart the SMTP server either from the Navigator screen
or with the following commands:
ENDTCPSVR
*SMTP,
STRTCPSVR *SMTP