Problem:

A TN3270 listener is configured for a region, and the listener is protected through SSL with a certificate and private key. The trouble is that the system administrator is prompted for, and must enter, the pass phrase for the private key manually every time the region is started.

The system administrator noticed that the documentation, in the following section:

Deployment > Secure Communications (SSL) > Tutorial: Configuring SSL Security in the Server

Says to add the following lines to the "mf-server.dat" file:

[HTTPS Echo/SSL/passphrases]
certificate=
keyfile=open sesame

Though he tried this, he still must enter the pass phrase each time the region is started. What are the correct entries in the "mf-server.dat" file for TN3270 listeners?

Resolution:

The tag in square brackets in mf-server.dat should specify the name of the listener.

For example if the listener is named TN3270, the tag in mf-server.dat should be:

[TN3270/SSL/passphrases]

As another example, if the listener is named FRED, the tag in mf-server.dat should be:

[FRED/SSL/passphrases]

With the tag matching the listener name, and the certificate and keyfile specified correctly in mf-server.dat, it will not be necessary to enter the SSL credentials each time the region is started.