<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Telnet scenario: Secure Telnet with SSL" />
<meta name="abstract" content="You can use Secure Sockets Layer (SSL) to secure Telnet on iSeries. This scenario provides a step-by-step configuration example." />
<meta name="description" content="You can use Secure Sockets Layer (SSL) to secure Telnet on iSeries. This scenario provides a step-by-step configuration example." />
<meta name="DC.Relation" scheme="URI" content="rzaiwscenario.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiwscenariossldetails.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiwscenariossl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Telnet scenario: Secure Telnet with SSL</title>
</head>
<body id="rzaiwscenariossl"><a name="rzaiwscenariossl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Telnet scenario: Secure Telnet with SSL</h1>
<div><p>You can use Secure Sockets Layer (SSL) to secure Telnet on iSeries™.
This scenario provides a step-by-step configuration example.</p>
<div class="section" id="rzaiwscenariossl__situation"><a name="rzaiwscenariossl__situation"><!-- --></a><h4 class="sectionscenariobar">Situation</h4><p>Bob
is in the process of creating a home-based brokerage business. He has retired
from his position as a stock broker at a major trading firm, and wants to
continue to offer brokerage services to a small number of clients from his
home. He runs his business on a small iSeries server, which he would like to
use to provide account access to his clients, through 5250 Telnet sessions.
Bob is currently working on a way to allow his clients continuous access to
their accounts, so that they can manage their shareholdings. Bob wants his
clients to use 5250 Telnet sessions to access their accounts, but he is concerned
about the security of his server, as well as the security of his clients'
sessions. After researching the iSeries server Telnet security options,
Bob decides to use Secure Sockets Layer (SSL) to ensure the privacy of data
over 5250 Telnet sessions between his iSeries server and clients.</p>
</div>
<div class="section" id="rzaiwscenariossl__objective"><a name="rzaiwscenariossl__objective"><!-- --></a><h4 class="sectionscenariobar">Objectives</h4><p>In
this scenario, Bob wants to secure his brokerage clients' 5250 Telnet sessions
to their shareholder accounts on his iSeries server. Bob wants to enable SSL
to protect the privacy of client data as it passes through the Internet. He
also wants to enable certificates for client authentication to ensure that
his server verifies that only his clients are accessing their accounts. After
Bob has configured the Telnet server for SSL and enabled client and server
authentication by meeting the following objectives, he can roll out this
new account accessibility option to his clients, assuring them that their
5250 Telnet sessions will be secure:</p>
<ul><li>Secure the Telnet server with SSL</li>
<li>Enable the Telnet server for client authentication</li>
<li>Obtain a private certificate from a local certificate authority (CA) and
assign it to the Telnet server.</li>
</ul>
</div>
<div class="section" id="rzaiwscenariossl__details"><a name="rzaiwscenariossl__details"><!-- --></a><h4 class="sectionscenariobar">Details</h4><p>In
this scenario, the setup for the brokerage business is as follows:</p>
<ul><li>An iSeries server runs i5/OS Version 5 Release 4 (V5R4)
and provides shareholder account access over 5250 Telnet sessions.</li>
<li>The i5/OS Telnet server application is started on the iSeries server.</li>
<li>The Telnet server initializes SSL, and checks the certificate information
in the <samp class="codeph">QIBM_QTV_TELNET_SERVER</samp> application ID.</li>
<li>If the Telnet certificate configuration is correct, the Telnet server
begins listening on the SSL port for client connections.</li>
<li>A client initiates a request for access to the Telnet server.</li>
<li>The Telnet server responds by providing its certificate to the client.</li>
<li>The client software validates the certificate as an acceptable, trusted
source communicating with the server.</li>
<li>The Telnet server requests a certificate from the client software.</li>
<li>The client software presents a certificate to the Telnet server.</li>
<li>The Telnet server validates the certificate, and recognizes the client's
right to establish a 5250 session with the server.</li>
<li>The Telnet server establishes a 5250 session with the client.</li>
</ul>
</div>
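<p>The two validation steps in the list above (the client checking the server's certificate, and the server checking the client's) both depend on which certificate authority each side trusts. The following is an added lab example, not part of the original IBM topic and not i5/OS tooling: it uses OpenSSL on a workstation to model those decisions. The names <samp class="codeph">local-ca</samp>, <samp class="codeph">other-ca</samp>, <samp class="codeph">telnet-server</samp>, <samp class="codeph">client-alice</samp> and <samp class="codeph">client-outsider</samp> are constructed for illustration.</p>

```shell
#!/bin/sh
# Constructed lab, not i5/OS tooling: models which certificates each side accepts
# when the only trusted issuer is a private local CA.
WORK=$(mktemp -d)

# make_ca NAME: self-signed CA key and certificate (local-ca plays Bob's local CA).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue CA_NAME SUBJECT: new key and CSR for SUBJECT, then a certificate signed by CA_NAME.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -out "$WORK/$2.crt" 2>/dev/null
}

# accepts TRUSTED_CA SUBJECT: the decision made by a peer that trusts only TRUSTED_CA.
accepts() {
  if openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>/dev/null
  then echo accept
  else echo reject
  fi
}

make_ca local-ca                  # the CA both sides are configured to trust
make_ca other-ca                  # an unrelated CA that nobody in the scenario trusts
issue local-ca telnet-server      # certificate assigned to the Telnet server
issue local-ca client-alice       # certificate issued to one of Bob's clients
issue other-ca client-outsider    # certificate from the untrusted CA

echo "client validates server certificate:    $(accepts local-ca telnet-server)"
echo "server validates known client:          $(accepts local-ca client-alice)"
echo "server validates outsider certificate:  $(accepts local-ca client-outsider)"
```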
<div class="section" id="rzaiwscenariossl__prereq"><a name="rzaiwscenariossl__prereq"><!-- --></a><h4 class="sectionscenariobar">Prerequisites
and assumptions</h4><p>This scenario makes the following assumptions:</p>
<ul><li>iSeries server running i5/OS<sup>®</sup> Version 5 Release 2 (V5R2) or later.</li>
<li>TCP/IP is configured.</li>
<li>Bob has IOSYSCFG authority.</li>
<li><a href="rzaiwconfigtelsrvr.htm">Telnet server is configured</a>.</li>
<li>Bob has addressed the issues in <a href="../rzain/rzainplanssl.htm">Plan for SSL enablement</a>.</li>
<li>Bob has created a local certificate authority on his iSeries server.</li>
</ul>
</div>
<div class="section" id="rzaiwscenariossl__steps"><a name="rzaiwscenariossl__steps"><!-- --></a><h4 class="sectionscenariobar">Task steps</h4><p>There
are two sets of tasks that Bob must complete to implement this scenario: One
set of tasks allows him to set up his iSeries server to use SSL and require
certificates for user authentication. The other set of tasks allows users
on Telnet clients to participate in SSL sessions with Bob's Telnet server
and obtain certificates for user authentication.</p>
<p>Bob performs the following
task steps to complete this scenario:</p>
<p><strong>Telnet server task steps</strong></p>
<p>To
implement this scenario, Bob must perform these tasks on his iSeries server:</p>
<ol><li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__removeport">Remove
port restrictions</a></li>
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__createlca">Create
and operate Local Certificate Authority</a></li>
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__configtelnet">Configure
Telnet server to require certificates for client authentication</a></li>
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__enablessl">Enable
and start SSL on Telnet server</a> </li>
</ol>
<p><strong>Client configuration task steps</strong></p>
<p>To implement this scenario,
each user who will access the Telnet server on Bob's iSeries server must perform these tasks:</p>
<ol start="5"><li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__enablesslclient">Enable
SSL on the Telnet client</a></li>
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__telnetclient">Enable
Telnet client to present certificate for authentication</a></li>
</ol>
<p>These
tasks accomplish both SSL and client authentication by certificates, resulting
in SSL-secured access to account information for Bob's clients using 5250
Telnet sessions.</p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaiwscenariossldetails.htm">Configuration details</a></strong><br />
This topic describes the task steps for securing Telnet with SSL.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwscenario.htm" title="This topic provides examples of using Telnet to introduce basic concepts and configuration tasks.">Telnet scenarios</a></div>
</div>
</div>
</body>
</html>