IBM Support

MSGSSL002 on new LAN Console session for ACS 1.1.8.7 only

Troubleshooting


Problem

*****UPDATE******
Version 1.1.8.8 of Access Client Solutions is available as of September 20th, 2021.  You can obtain that version of ACS at the following location:
https://www.ibm.com/support/pages/ibm-i-access-client-solutions
This updated version is not susceptible to this problem.
*****UPDATE******
A problem was identified at ACS version 1.1.8.7 for LAN Console connections where the Certificate is not already stored in the IBM Key Management utility.  If you've made a previous connection to this systems console on the same PC then the certificate is already stored in IBM Key Management and this problem will not occur.
This error code is MSGSSL002- The IBM i server application is not trusted for secure sockets connections.
image 9736
The problem has been fixed and will be included in the next version of Access Client Solutions (Tentatively scheduled for 08/2021).  Furthermore, this issue DOES NOT effect any other functions of Access Client Solutions including HMC 5250 console.
Note: This document will be modified with a link to the APAR SE75589 once available.

Resolving The Problem

3 Options for resolving the problem:
Option 1- Manually through a Windows command prompt (preferred method):
  • Open Windows Command prompt (may need to run elevated depending on environment)
  • Change directory (cd command) to the location of the acslaunch you are using.  You can find this by right-clicking the Access Client Solutions and selecting properties.  The Target should have the location to this. Default locations are as follows
    • If 64-bit:
      • C:\Users\<YourWindowsUser\IBM\ClientSolutions\Start_Programs\Windows_x86-64\
      • If All_Users install done: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\
    • If 32-bit
      • C:\Users\<YourWindowsUser\IBM\ClientSolutions\Start_Programs\Windows_i386-32
      • If ALL Users install done: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_i386-32
    • Example command cd C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64
  • Run this command to accept the certificate from the console port:
    • acslaunch_win-xx.exe /PLUGIN=ping /SYSTEM=<Console IP> /PORTS=.CONSOLE /SSL=1 /ACCEPTALLCERTS=1
    • where xx= Bit version you are running this of.  32 or 64 bit.
image 9738
  • This will automatically store the certificate in the IBM Key Management for ACS:
image 9756
You can now Open ACS and connect to the console in question without issue.
Option 2- If you have multiple systems to set up where you could encounter this error several times you can contact IBM and ask for a Test_Fix version that would not be susceptible to this problem.  Note that once a newer version is out this would no longer be an option.
Option 3- If you still have an older version of ACS like 1.1.8.6 that version is not susceptible to this particular bug.  Using that version to make the initial connection that would download the certificate would work.

Document Location

Worldwide

[{"Type":"SW","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSRQKY","label":"IBM i Access Client Solutions"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
22 September 2021

UID

ibm16449420