ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiw_5.4.0.1/rzaiwconfiguresslclientauthex.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Example: Enable client authentication for a PC5250 session" />
<meta name="abstract" content="After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt." />
<meta name="description" content="After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt." />
<meta name="DC.Relation" scheme="URI" content="rzaiwconfiguresslclientauth.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu66adcmstart.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu401usingdcm.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiwconfiguresslclientauthex" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: Enable client authentication for a PC5250 session</title>
</head>
<body id="rzaiwconfiguresslclientauthex"><a name="rzaiwconfiguresslclientauthex"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: Enable client authentication for a PC5250 session</h1>
<div><p>After you have configured SSL for the Telnet server and specified
to use client authentication, users will be required to provide a valid and
trusted client certificate to the Telnet server for each connection attempt.</p>
<p>Clients need to create a user certificate and import that certificate to
the IBM<sup>®</sup> Key
Management database before client authentication will work.</p>
<div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__createdcm"><a name="rzaiwconfiguresslclientauthex__createdcm"><!-- --></a><h4 class="sectiontitle">Create a user certificate
in DCM</h4><ol><li>Start IBM Digital
Certificate Manager (DCM). If you need to obtain or create certificates, or
otherwise set up or change your certificate system, do so now. See <a href="../rzahu/rzahurzahu401usingdcm.htm" target="_blank">Configure DCM</a> for
information on setting up a certificate system.</li>
<li>Expand <span class="uicontrol">Create Certificate</span>.</li>
<li>Select <span class="uicontrol">User Certificate</span>. Click <span class="uicontrol">Continue</span>.</li>
<li>Complete the User Certificate form. Only those fields marked "Required"
need to be completed. Click <span class="uicontrol">Continue</span>.</li>
<li>Depending on the browser you use, you will be asked to generate a certificate
that will be loaded into your browser. Follow the directions provided by the
browser.</li>
<li>When the Create User Certificate page reloads, click <span class="uicontrol">Install
Certificate</span>. This will install the certificate in the browser.</li>
<li id="rzaiwconfiguresslclientauthex__exportcert"><a name="rzaiwconfiguresslclientauthex__exportcert"><!-- --></a>Export the certificate to your PC. You must store the
certificate in a password-protected file.<div class="note"><span class="notetitle">Note:</span> Microsoft<sup>®</sup> Internet Explorer 5 or Netscape
4.5 are required to use the export and import functions.</div>
</li>
</ol>
</div>
<div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__importcertificate"><a name="rzaiwconfiguresslclientauthex__importcertificate"><!-- --></a><h4 class="sectiontitle">Import the certificate
to the IBM Key
Management</h4><ol><li>Click <span class="menucascade"><span class="uicontrol">Start</span> &gt; <span class="uicontrol">Programs</span> &gt; <span class="uicontrol">IBM iSeries Access for Windows </span> &gt; <span class="uicontrol">iSeries Access
for Windows Properties</span></span>.</li>
<li>Select the <span class="uicontrol">Secure Sockets</span> tab.</li>
<li>Click <span class="uicontrol">IBM Key Management</span>.</li>
<li>You will be prompted for your key database password. Unless you have previously
changed the password from the default, enter <samp class="codeph">ca400</samp>. A confirmation
message is displayed. Click <span class="uicontrol">OK</span>.</li>
<li>From the pull-down menu, select <span class="uicontrol">Personal certificates</span>.</li>
<li>Click <span class="uicontrol">Import</span>.</li>
<li>In the Import key display, enter the file name and path for the certificate.
Click <span class="uicontrol">OK</span>.</li>
<li>Enter the password for the protected file. This is the same password that
you created in Step <a href="#rzaiwconfiguresslclientauthex__exportcert">7</a> of
Create a user certificate in DCM. Click <span class="uicontrol">OK</span>. When the
certificate has been successfully added to your personal certificates in IBM Key
Management, you can use the PC5250 emulator or any other Telnet application.</li>
</ol>
</div>
<div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__startapc5250emulat"><a name="rzaiwconfiguresslclientauthex__startapc5250emulat"><!-- --></a><h4 class="sectiontitle">Start a PC5250 emulator
session from iSeries™ Navigator</h4><ol><li>Open iSeries Navigator.</li>
<li>Right-click the name of your system that you have set up for client authentication
for Telnet.</li>
<li>Select <span class="uicontrol">Display emulator</span>.</li>
<li>Select the <span class="uicontrol">Communication</span> menu, then select <span class="uicontrol">Configure</span>.</li>
<li>Click <span class="uicontrol">Properties</span>.</li>
<li>In the Connection dialog, select the <span class="uicontrol">Use Secure Sockets Layer
(SSL)</span>.</li>
<li>If you have more than one client certificate, select either <span class="uicontrol">Select
certificate when connecting</span> or <span class="uicontrol">Use default</span> to
determine which client certificate to use.</li>
<li>Click <span class="uicontrol">OK</span>.</li>
<li>Click <span class="uicontrol">OK</span>.</li>
</ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwconfiguresslclientauth.htm" title="The Telnet server supports the authentication of Telnet client certificates. This means that during the SSL handshake, not only will the server generate a server certificate for the client, but also can optionally check for a valid client certificate depending on how Digital Certificate Manager (DCM) is configured.">Enable client authentication for the Telnet server</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="../rzahu/rzahurzahu66adcmstart.htm">Start IBM Digital Certificate Manager (DCM)</a></div>
<div><a href="../rzahu/rzahurzahu401usingdcm.htm">Configure DCM</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="Example: Enable client authentication for a PC5250 session" />`
			`<meta name="abstract" content="After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt." />`
			`<meta name="description" content="After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt." />`
			`<meta name="DC.Relation" scheme="URI" content="rzaiwconfiguresslclientauth.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu66adcmstart.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu401usingdcm.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzaiwconfiguresslclientauthex" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Example: Enable client authentication for a PC5250 session</title>`
			`</head>`
			`<body id="rzaiwconfiguresslclientauthex"><a name="rzaiwconfiguresslclientauthex"><!-- --></a>`
			`<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Example: Enable client authentication for a PC5250 session</h1>`
			`<div><p>After you have configured SSL for the Telnet server and specified`
			`to use client authentication, users will be required to provide a valid and`
			`trusted client certificate to the Telnet server for each connection attempt.</p>`
			`<p>Clients need to create a user certificate and import that certificate to`
			`the IBM<sup>®</sup> Key`
			`Management database before client authentication will work.</p>`
			`<div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__createdcm"><a name="rzaiwconfiguresslclientauthex__createdcm"><!-- --></a><h4 class="sectiontitle">Create a user certificate`
			`in DCM</h4><ol><li>Start IBM Digital`
			`Certificate Manager (DCM). If you need to obtain or create certificates, or`
			`otherwise set up or change your certificate system, do so now. See <a href="../rzahu/rzahurzahu401usingdcm.htm" target="_blank">Configure DCM</a> for`
			`information on setting up a certificate system.</li>`
			`<li>Expand <span class="uicontrol">Create Certificate</span>.</li>`
			`<li>Select <span class="uicontrol">User Certificate</span>. Click <span class="uicontrol">Continue</span>.</li>`
			`<li>Complete the User Certificate form. Only those fields marked "Required"`
			`need to be completed. Click <span class="uicontrol">Continue</span>.</li>`
			`<li>Depending on the browser you use, you will be asked to generate a certificate`
			`that will be loaded into your browser. Follow the directions provided by the`
			`browser.</li>`
			`<li>When the Create User Certificate page reloads, click <span class="uicontrol">Install`
			`Certificate</span>. This will install the certificate in the browser.</li>`
			`<li id="rzaiwconfiguresslclientauthex__exportcert"><a name="rzaiwconfiguresslclientauthex__exportcert"><!-- --></a>Export the certificate to your PC. You must store the`
			`certificate in a password-protected file.<div class="note"><span class="notetitle">Note:</span> Microsoft<sup>®</sup> Internet Explorer 5 or Netscape`
			`4.5 are required to use the export and import functions.</div>`
			`</li>`
			`</ol>`
			`</div>`
			`<div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__importcertificate"><a name="rzaiwconfiguresslclientauthex__importcertificate"><!-- --></a><h4 class="sectiontitle">Import the certificate`
			`to the IBM Key`
			`Management</h4><ol><li>Click <span class="menucascade"><span class="uicontrol">Start</span> > <span class="uicontrol">Programs</span> > <span class="uicontrol">IBM iSeries Access for Windows </span> > <span class="uicontrol">iSeries Access`
			`for Windows Properties</span></span>.</li>`
			`<li>Select the <span class="uicontrol">Secure Sockets</span> tab.</li>`
			`<li>Click <span class="uicontrol">IBM Key Management</span>.</li>`
			`<li>You will be prompted for your key database password. Unless you have previously`
			`changed the password from the default, enter <samp class="codeph">ca400</samp>. A confirmation`
			`message is displayed. Click <span class="uicontrol">OK</span>.</li>`
			`<li>From the pull-down menu, select <span class="uicontrol">Personal certificates</span>.</li>`
			`<li>Click <span class="uicontrol">Import</span>.</li>`
			`<li>In the Import key display, enter the file name and path for the certificate.`
			`Click <span class="uicontrol">OK</span>.</li>`
			`<li>Enter the password for the protected file. This is the same password that`
			`you created in Step <a href="#rzaiwconfiguresslclientauthex__exportcert">7</a> of`
			`Create a user certificate in DCM. Click <span class="uicontrol">OK</span>. When the`
			`certificate has been successfully added to your personal certificates in IBM Key`
			`Management, you can use the PC5250 emulator or any other Telnet application.</li>`
			`</ol>`
			`</div>`
			`<div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__startapc5250emulat"><a name="rzaiwconfiguresslclientauthex__startapc5250emulat"><!-- --></a><h4 class="sectiontitle">Start a PC5250 emulator`
			`session from iSeries™ Navigator</h4><ol><li>Open iSeries Navigator.</li>`
			`<li>Right-click the name of your system that you have set up for client authentication`
			`for Telnet.</li>`
			`<li>Select <span class="uicontrol">Display emulator</span>.</li>`
			`<li>Select the <span class="uicontrol">Communication</span> menu, then select <span class="uicontrol">Configure</span>.</li>`
			`<li>Click <span class="uicontrol">Properties</span>.</li>`
			`<li>In the Connection dialog, select the <span class="uicontrol">Use Secure Sockets Layer`
			`(SSL)</span>.</li>`
			`<li>If you have more than one client certificate, select either <span class="uicontrol">Select`
			`certificate when connecting</span> or <span class="uicontrol">Use default</span> to`
			`determine which client certificate to use.</li>`
			`<li>Click <span class="uicontrol">OK</span>.</li>`
			`<li>Click <span class="uicontrol">OK</span>.</li>`
			`</ol>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwconfiguresslclientauth.htm" title="The Telnet server supports the authentication of Telnet client certificates. This means that during the SSL handshake, not only will the server generate a server certificate for the client, but also can optionally check for a valid client certificate depending on how Digital Certificate Manager (DCM) is configured.">Enable client authentication for the Telnet server</a></div>`
			`</div>`
			`<div class="reltasks"><strong>Related tasks</strong><br />`
			`<div><a href="../rzahu/rzahurzahu66adcmstart.htm">Start IBM Digital Certificate Manager (DCM)</a></div>`
			`<div><a href="../rzahu/rzahurzahu401usingdcm.htm">Configure DCM</a></div>`
			`</div>`
			`</div>`
			`<img src="./deltaend.gif" alt="End of change" /></body>`
			`</html>`