Example: Enable client authentication for a PC5250 session

After you have configured SSL for the Telnet server and specified that client authentication is to be used, users must provide a valid and trusted client certificate to the Telnet server for each connection attempt.

Clients need to create a user certificate and import that certificate to the IBM® Key Management database before client authentication will work.

Create a user certificate in DCM

  1. Start IBM Digital Certificate Manager (DCM). If you need to obtain or create certificates, or otherwise set up or change your certificate system, do so now. See Configure DCM for information on setting up a certificate system.
  2. Expand Create Certificate.
  3. Select User Certificate. Click Continue.
  4. Complete the User Certificate form. Only those fields marked "Required" need to be completed. Click Continue.
  5. Depending on the browser you use, you will be asked to generate a certificate that will be loaded into your browser. Follow the directions provided by the browser.
  6. When the Create User Certificate page reloads, click Install Certificate. This will install the certificate in the browser.
  7. Export the certificate to your PC. You must store the certificate in a password-protected file.
    Note: Microsoft® Internet Explorer 5 or Netscape 4.5 is required to use the export and import functions.

Import the certificate to IBM Key Management

  1. Click Start > Programs > IBM iSeries Access for Windows > iSeries Access for Windows Properties.
  2. Select the Secure Sockets tab.
  3. Click IBM Key Management.
  4. You will be prompted for your key database password. Unless you have previously changed the password from the default, enter ca400. A confirmation message is displayed. Click OK.
  5. From the pull-down menu, select Personal certificates.
  6. Click Import.
  7. In the Import key display, enter the file name and path for the certificate. Click OK.
  8. Enter the password for the protected file. This is the same password that you created in Step 7 of Create a user certificate in DCM. Click OK. When the certificate has been successfully added to your personal certificates in IBM Key Management, you can use the PC5250 emulator or any other Telnet application.

Start a PC5250 emulator session from iSeries™ Navigator

  1. Open iSeries Navigator.
  2. Right-click the name of your system that you have set up for client authentication for Telnet.
  3. Select Display emulator.
  4. Select the Communication menu, then select Configure.
  5. Click Properties.
  6. In the Connection dialog, select Use Secure Sockets Layer (SSL).
  7. If you have more than one client certificate, select either Select certificate when connecting or Use default to determine which client certificate to use.
  8. Click OK.
  9. Click OK.
Related tasks
Start IBM Digital Certificate Manager (DCM)
Configure DCM