IBM Software Technical Document
Document Number: 519611543
____________________________________________________________
Functional
Area:
AS/400 Mail
Subfunctional
Area:
SMTP
Sub-Subfunctional
Area:
General
___________________________________________________________
Product:
|
I5/OS
(5761SS1TC)
IBM TCP/IP CONNECTIVITY UTILIT (5770TC100)
|
|
|
OS/400 Release:
|
6.1;
6.1.1; 7.1; V6R1M0; V6R1M1; V7R1M0
|
Product Release:
|
N/A
|
Classification:
|
Entitled/Advanced
|
Status:
|
Available
|
Date First Made Available
|
06/04/2009
|
Keywords:
|
SMTP
|
|
|
|
|
Tasks:
|
Use
|
Document Topics:
|
Documentation-191
|
____________________________________________________________
Document Title:
Configuring
SMTP Authentication
This document
explains how to configure native SMTP client authentication.
Document
Description:
Before
starting with configuring SMTP for authentication, a digital certificate must
be installed in DCM. For an overview of DCM and digital certificates,
refer to:
o
Rochester Support Center knowledgebase document 416096345, Digital Certificate Manager, Getting Started: Link
o
Redbooks iSeries Wired Network Security at
the following URL: http://www.redbooks.ibm.com/redbooks/SG246168.html
Part 1:
Assigning a Digital Certificate to the SMTP Client
1. From
the main IBM Systems Director Navigator for i5, click on the i5/OS tasks page
and select Digital Certificate Manager:
2. Sign
into the *SYSTEM Store and click Fast Path from the left panel;
then select Work with client applications:
3. Select
i5/OS TCP/IP SMTP Client and click the Work with Application
button:
4. Click
the Update Certificate Assignment button:
5. Select
a valid certificate from the list and click the Assign New Certificate.
Note: If you do not see a
certificate in the list, refer to the documents above on how to create a new
certificate:
6. Make sure
that you have trusted the CA that signed the SMTP server side certificate.
Certificate
Authority (CA) certificates in the application trust list:
LOCAL_CERTIFICATE_AUTHORITY_10B233A2(3)
|
LOCAL_CERTIFICATE_AUTHORITY_10B233A2(2)
|
LOCAL_CERTIFICATE_AUTHORITY_10B233A2(1)
|
GeoTrust
Global CA
|
GeoTrust
True Credentials CA 2
|
Equifax
Secure Certificate Authority
|
Equifax
Secure eBusiness CA-1
|
Equifax
Secure eBusiness CA-2
|
Equifax
Secure Global eBusiness CA-1
|
Microsoft
Root Authority
|
Thawte
Personal Premium CA
|
Thawte
Personal Freemail CA
|
Thawte
Personal Basic CA
|
Thawte
Premium Server CA
|
VeriSign
Class 3 CA Individual Subscriber-Persona Not Validated
|
Verisign
Class 1 Public Primary Certification Authority
|
Verisign
Class 2 Public Primary Certification Authority
|
Part 2:
Authentication
1. Open
i5/OS Navigator and go to Network>Servers>TCP/IP. Right
click on SMTP and select Properties:
2. From
the General tab, add the name of the mail hub that the i5 will authenticate to.
The command line equivalent is as follows:
CHGSMTPA
FWDHUBSVR(MAILHUB)
3. From
the Authentication tab, select Require TLS/SSL and authenticate only the
relay radial button:
This is not required for client authentication; this is for Server
authentication.
4. In the
Logon information for relay server, click the Add button and add the
host name for the mailhub, user name, and password that is used to authenticate
to that mailhub. The command line equivalent is as follows:
ADDSMTPLE
TYPE(*HOSTAUTH) HOSTNAME(MAILHUB) USERNAME(kswan) PASSWORD()
5. Once
this is all completed, restart the SMTP server either from the Navigator screen
or with the following commands:
ENDTCPSVR
*SMTP,
STRTCPSVR *SMTP