108 lines
9.0 KiB
HTML
108 lines
9.0 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="task" />
|
|
<meta name="DC.Title" content="Assign a certificate to the Telnet server" />
|
|
<meta name="abstract" content="When you enable the Telnet server on your system to use SSL, you can establish secure Telnet connections to your system from iSeries Access for Windows or from any other SSL-enabled Telnet client, such as a Personal Communications emulator." />
|
|
<meta name="description" content="When you enable the Telnet server on your system to use SSL, you can establish secure Telnet connections to your system from iSeries Access for Windows or from any other SSL-enabled Telnet client, such as a Personal Communications emulator." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwssltel.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwremportrest.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwconfiguresslclientauth.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwremportrest.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzain/rzainplanssl.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahudcmfirsttime.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../rzahu/rzahurzahu66adcmstart.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwscenariossldetails.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwconfiguresslclientauth.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwconfiguresslenable.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwchksys.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzaiwconfiguresslcert" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Assign a certificate to the Telnet server</title>
|
|
</head>
|
|
<body id="rzaiwconfiguresslcert"><a name="rzaiwconfiguresslcert"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Assign a certificate to the Telnet server</h1>
|
|
<div><p>When you enable the Telnet server on your system to use SSL, you
|
|
can establish secure Telnet connections to your system from iSeries™ Access
|
|
for Windows<sup>®</sup> or
|
|
from any other SSL-enabled Telnet client, such as a Personal Communications
|
|
emulator.</p>
|
|
<div class="section"> Before you can configure the Telnet server to use SSL, you must
|
|
have installed the prerequisite programs and set up digital certificates on
|
|
your system.</div>
|
|
<ol><li class="stepexpand"><span>Start IBM<sup>®</sup> Digital Certificate Manager (DCM).</span> <div class="note"><span class="notetitle">Note:</span> If
|
|
you have questions about how to complete a specific form while using DCM,
|
|
select the question mark (?) at the top of the page to access the online help.</div>
|
|
</li>
|
|
<li class="stepexpand"><span>In the navigation frame, click <span class="uicontrol">Select a Certificate
|
|
Store</span> and select either <span class="uicontrol">*OBJECTSIGNING</span> or <span class="uicontrol">*SYSTEM</span> as
|
|
the certificate store to open.</span></li>
|
|
<li class="stepexpand"><span>Enter the password for the certificate store and click <span class="uicontrol">Continue</span>.</span></li>
|
|
<li class="stepexpand"><span>After the navigation frame refreshes, select <span class="uicontrol">Manage
|
|
Certificates</span> to display a list of tasks.</span></li>
|
|
<li class="stepexpand"><span>From the list of tasks, select <span class="uicontrol">Assign certificate</span> to
|
|
display a list of certificates for the current certificate store.</span></li>
|
|
<li class="stepexpand"><span>Select a certificate from the list and click <span class="uicontrol">Assign
|
|
to Applications</span> to display a list of application definitions for
|
|
the current certificate store.</span></li>
|
|
<li class="stepexpand"><span>Select Telnet from the list and click <span class="uicontrol">Continue</span>.
|
|
A page displays with either a confirmation message for your assignment selection
|
|
or an error message if a problem occurred.</span></li>
|
|
</ol>
|
|
<div class="section"><div class="note"><span class="notetitle">Note:</span> The iSeries Access for Windows clients key database must contain
|
|
a copy of any required Certificate Authority (CA) certificates. In this case,
|
|
a CA certificate must exist in the key database for the certificate that you
|
|
assign to the Telnet server application. The key database comes preconfigured
|
|
with copies of CA certificates from almost all well-known public CAs. If you
|
|
choose to assign a certificate to the telnet server that a Local CA issues,
|
|
however, then you must add a copy of the Local CA certificate to the client
|
|
key database. To learn how to add a copy of a Local CA certificate, see <a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__enablesslclient">Step
|
|
5: Enable SSL on the Telnet client</a> in the Telnet scenario: Secure Telnet
|
|
with SSL - Configuration Details.</div>
|
|
<p>The i5/OS<sup>®</sup> Telnet
|
|
server supports client authentication as an optional component in SSL configuration.
|
|
Client authentication occurs when the server verifies the identity of the
|
|
client by authenticating the client certificate passed up to the server application.</p>
|
|
<p><strong>What
|
|
to do next:</strong></p>
|
|
<p>Enable client authentication for the Telnet server (optional
|
|
step) or Enable SSL on the Telnet server.</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwssltel.htm" title="Use this topic to set up SSL on your iSeries server.">Configure SSL on the Telnet server</a></div>
|
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzaiwremportrest.htm" title="In releases before V5R1, port restrictions were used because Secure Sockets Layer (SSL) support was not available for Telnet. Now you can specify whether SSL, non-SSL, or both are to start. Therefore, there is no longer a need for port restrictions.">Remove port restrictions</a></div>
|
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzaiwconfiguresslclientauth.htm" title="The Telnet server supports the authentication of Telnet client certificates. This means that during the SSL handshake, not only will the server generate a server certificate for the client, but also can optionally check for a valid client certificate depending on how Digital Certificate Manager (DCM) is configured.">Enable client authentication for the Telnet server</a></div>
|
|
</div>
|
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
|
<div><a href="../rzain/rzainplanssl.htm">Prerequisite programs</a></div>
|
|
<div><a href="rzaiwscenariossldetails.htm" title="This topic describes the task steps for securing Telnet with SSL.">Configuration details</a></div>
|
|
</div>
|
|
<div class="reltasks"><strong>Related tasks</strong><br />
|
|
<div><a href="rzaiwremportrest.htm" title="In releases before V5R1, port restrictions were used because Secure Sockets Layer (SSL) support was not available for Telnet. Now you can specify whether SSL, non-SSL, or both are to start. Therefore, there is no longer a need for port restrictions.">Remove port restrictions</a></div>
|
|
<div><a href="../rzahu/rzahudcmfirsttime.htm">Set up digital certificates</a></div>
|
|
<div><a href="../rzahu/rzahurzahu66adcmstart.htm">Start IBM Digital Certificate Manager (DCM)</a></div>
|
|
<div><a href="rzaiwconfiguresslclientauth.htm" title="The Telnet server supports the authentication of Telnet client certificates. This means that during the SSL handshake, not only will the server generate a server certificate for the client, but also can optionally check for a valid client certificate depending on how Digital Certificate Manager (DCM) is configured.">Enable client authentication for the Telnet server</a></div>
|
|
<div><a href="rzaiwconfiguresslenable.htm" title="You can use this topic to understand how to enable SSL on the Telnet server.">Enable SSL on the Telnet server</a></div>
|
|
<div><a href="rzaiwchksys.htm" title="This topic lists the steps necessary to learn steps to follow to check system status.">Check system status</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |