Enable client authentication for the Telnet server

The Telnet server supports the authentication of Telnet client certificates. This means that during the SSL handshake, not only will the server generate a server certificate for the client, but also can optionally check for a valid client certificate depending on how Digital Certificate Manager (DCM) is configured.

The DCM will allow you to configure whether SSL Client Certificates are required for Telnet sessions.

In order to activate this support, the System Administrator will indicate how SSL support will be handled. Use the Telnet Properties General panel in iSeries™ Navigator to indicate whether SSL, non-SSL, or support for both will start when the Telnet server starts. By default, the SSL and non-SSL support always starts.

The System Administrator has the ability to indicate whether the system requires SSL client authentication for all Telnet sessions. When SSL is active and the system requires client authentication, the presence of a valid client certificate means that the client is trusted.

The system applies any negotiated RFC 2877 variables, and Telnet User exits variables after the satisfaction of SSL controls.

To update the application specifications in IBM® DCM and enable client authentication for the Telnet server, follow these steps:

  1. Start IBM Digital DCM. If you need to obtain or create certificates, or otherwise setup or change your certificate system, do so now. See Configure DCM for information on setting up a certificate system.
  2. Click Select a Certificate Store.
  3. Select *SYSTEM. Click Continue.
  4. Enter the appropriate password for *SYSTEM certificate store. Click Continue.
  5. When the left navigational menu reloads, expand Manage Applications.
  6. Click Update application definition.
  7. On the next panel, select Server application. Click Continue.
  8. Select i5/OS TCP/IP Telnet Server.
  9. Click Update Application Definition.
  10. In the table that displays, select Yes to require client authentication.
  11. Click Apply.
  12. DCM reloads to the Update Application Definition page with a confirmation message. When you are finished updating the application definition for the Telnet server, click Done.

For an example of what a client needs to do to enable client authentication by certificate for a Telnet application, see Example: Enable client authentication for a PC5250 session.

What to do next:

Enable SSL on the Telnet server.

Parent topic: Configure SSL on the Telnet server
Previous topic: Assign a certificate to the Telnet server
Next topic: Enable SSL on the Telnet server
Related tasks
Assign a certificate to the Telnet server
Start IBM Digital Digital Certificate Manager (DCM)
Enable SSL on the Telnet server