Monday, March 23, 2015

Security: Getting Rational Host on Demand on Linux to trust a self-signed certificate

As everyone knows, it is considered to be a best practice to connect to terminal systems over an encrypted connection.  This is even more true the more sensitive the system is you are connecting to.

You would be amazed just how many systems are on the Internet and unprotected.  Using a non-encrypted connection is almost like asking someone to use a packet sniffer and steal your password.

For a good overview of just how many zSystems are on the Internet, I do recommend watching a video by Philip Young on YouTube.  Philip has given several very interesting talks about exposed zSystems.

Now, since you want to encrypt your session, here are instructions for enabling access to servers that use self-signed certificates in Rational Host on Demand.  (NOTE: these instructions were taken from

NOTE:  pictures and additional details will be coming soon
cd /opt/IBM/HostOnDemand/bin
sudo ./CertificateManagement
Switch the section to Signer certificates
Import the certificate you want.