<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en-us" xml:lang="en-us"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="security" content="public" /> <meta name="Robots" content="index,follow" /> <meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' /> <meta name="DC.Type" content="concept" /> <meta name="DC.Title" content="Example: Enable client authentication for a PC5250 session" /> <meta name="abstract" content="After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt." /> <meta name="description" content="After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt." /> <meta name="DC.Relation" scheme="URI" content="rzaiwconfiguresslclientauth.htm" /> <meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu66adcmstart.htm" /> <meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu401usingdcm.htm" /> <meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" /> <meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" /> <meta name="DC.Format" content="XHTML" /> <meta name="DC.Identifier" content="rzaiwconfiguresslclientauthex" /> <meta name="DC.Language" content="en-us" /> <!-- All rights reserved. 
Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. --> <link rel="stylesheet" type="text/css" href="./ibmdita.css" /> <link rel="stylesheet" type="text/css" href="./ic.css" /> <title>Example: Enable client authentication for a PC5250 session</title> </head> <body id="rzaiwconfiguresslclientauthex"><a name="rzaiwconfiguresslclientauthex"><!-- --></a> <img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script> <h1 class="topictitle1">Example: Enable client authentication for a PC5250 session</h1> <div><p>After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt.</p> <p>Clients need to create a user certificate and import that certificate to the IBM<sup>®</sup> Key Management database before client authentication will work.</p> <div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__createdcm"><a name="rzaiwconfiguresslclientauthex__createdcm"><!-- --></a><h4 class="sectiontitle">Create a user certificate in DCM</h4><ol><li>Start IBM Digital Certificate Manager (DCM). If you need to obtain or create certificates, or otherwise set up or change your certificate system, do so now. See <a href="../rzahu/rzahurzahu401usingdcm.htm" target="_blank">Configure DCM</a> for information on setting up a certificate system.</li> <li>Expand <span class="uicontrol">Create Certificate</span>.</li> <li>Select <span class="uicontrol">User Certificate</span>. Click <span class="uicontrol">Continue</span>.</li> <li>Complete the User Certificate form. Only those fields marked "Required" need to be completed. 
Click <span class="uicontrol">Continue</span>.</li> <li>Depending on the browser you use, you will be asked to generate a certificate that will be loaded into your browser. Follow the directions provided by the browser.</li> <li>When the Create User Certificate page reloads, click <span class="uicontrol">Install Certificate</span>. This will install the certificate in the browser.</li> <li id="rzaiwconfiguresslclientauthex__exportcert"><a name="rzaiwconfiguresslclientauthex__exportcert"><!-- --></a>Export the certificate to your PC. You must store the certificate in a password-protected file.<div class="note"><span class="notetitle">Note:</span> Microsoft<sup>®</sup> Internet Explorer 5 or Netscape 4.5 is required to use the export and import functions.</div> </li> </ol> </div> <div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__importcertificate"><a name="rzaiwconfiguresslclientauthex__importcertificate"><!-- --></a><h4 class="sectiontitle">Import the certificate into IBM Key Management</h4><ol><li>Click <span class="menucascade"><span class="uicontrol">Start</span> > <span class="uicontrol">Programs</span> > <span class="uicontrol">IBM iSeries Access for Windows</span> > <span class="uicontrol">iSeries Access for Windows Properties</span></span>.</li> <li>Select the <span class="uicontrol">Secure Sockets</span> tab.</li> <li>Click <span class="uicontrol">IBM Key Management</span>.</li> <li>You will be prompted for your key database password. Unless you have previously changed the password from the default, enter <samp class="codeph">ca400</samp>. A confirmation message is displayed. Click <span class="uicontrol">OK</span>.</li> <li>From the pull-down menu, select <span class="uicontrol">Personal certificates</span>.</li> <li>Click <span class="uicontrol">Import</span>.</li> <li>In the Import key display, enter the file name and path for the certificate. 
Click <span class="uicontrol">OK</span>.</li> <li>Enter the password for the protected file. This is the same password that you created in Step <a href="#rzaiwconfiguresslclientauthex__exportcert">7</a> of Create a user certificate in DCM. Click <span class="uicontrol">OK</span>. When the certificate has been successfully added to your personal certificates in IBM Key Management, you can use the PC5250 emulator or any other Telnet application.</li> </ol> </div> <div class="section" xml:lang="en-us" id="rzaiwconfiguresslclientauthex__startapc5250emulat"><a name="rzaiwconfiguresslclientauthex__startapc5250emulat"><!-- --></a><h4 class="sectiontitle">Start a PC5250 emulator session from iSeries™ Navigator</h4><ol><li>Open iSeries Navigator.</li> <li>Right-click the name of your system that you have set up for client authentication for Telnet.</li> <li>Select <span class="uicontrol">Display emulator</span>.</li> <li>Select the <span class="uicontrol">Communication</span> menu, then select <span class="uicontrol">Configure</span>.</li> <li>Click <span class="uicontrol">Properties</span>.</li> <li>In the Connection dialog, select <span class="uicontrol">Use Secure Sockets Layer (SSL)</span>.</li> <li>If you have more than one client certificate, select either <span class="uicontrol">Select certificate when connecting</span> or <span class="uicontrol">Use default</span> to determine which client certificate to use.</li> <li>Click <span class="uicontrol">OK</span>.</li> <li>Click <span class="uicontrol">OK</span>.</li> </ol> </div> </div> <div> <div class="familylinks"> <div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwconfiguresslclientauth.htm" title="The Telnet server supports the authentication of Telnet client certificates. 
This means that during the SSL handshake, not only will the server generate a server certificate for the client, but it can also optionally check for a valid client certificate, depending on how Digital Certificate Manager (DCM) is configured.">Enable client authentication for the Telnet server</a></div> </div> <div class="reltasks"><strong>Related tasks</strong><br /> <div><a href="../rzahu/rzahurzahu66adcmstart.htm">Start IBM Digital Certificate Manager (DCM)</a></div> <div><a href="../rzahu/rzahurzahu401usingdcm.htm">Configure DCM</a></div> </div> </div> <img src="./deltaend.gif" alt="End of change" /></body> </html>