140 lines
8.8 KiB
HTML
140 lines
8.8 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Telnet scenario: Secure Telnet with SSL" />
|
|
<meta name="abstract" content="You can use Secure Sockets Layer (SSL) to secure Telnet on iSeries. This scenario provides a step-by-step configuration example." />
|
|
<meta name="description" content="You can use Secure Sockets Layer (SSL) to secure Telnet on iSeries. This scenario provides a step-by-step configuration example." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwscenario.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaiwscenariossldetails.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzaiwscenariossl" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Telnet scenario: Secure Telnet with SSL</title>
|
|
</head>
|
|
<body id="rzaiwscenariossl"><a name="rzaiwscenariossl"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Telnet scenario: Secure Telnet with SSL</h1>
|
|
<div><p>You can use Secure Sockets Layer (SSL) to secure Telnet on iSeries™.
|
|
This scenario provides a step-by-step configuration example.</p>
|
|
<div class="section" id="rzaiwscenariossl__situation"><a name="rzaiwscenariossl__situation"><!-- --></a><h4 class="sectionscenariobar">Situation</h4><p>Bob
|
|
is in the process of creating a home-based brokerage business. He has retired
|
|
from his position as a stock broker at a major trading firm, and wants to
|
|
continue to offer brokerage services to a small number of clients from his
|
|
home. He runs his business on a small iSeries server, which he would like to
|
|
use to provide account access to his clients, through 5250 Telnet sessions.
|
|
Bob is currently working on a way to allow his clients continuous access to
|
|
their accounts, so that they can manage their shareholdings. Bob wants his
|
|
clients to use 5250 Telnet sessions to access their accounts, but he is concerned
|
|
about the security of his server, as well as the security of his clients'
|
|
sessions. After researching the iSeries server Telnet security options,
|
|
Bob decides to use Secure Sockets Layer (SSL) to ensure the privacy of data
|
|
over 5250 Telnet sessions between his iSeries server and clients.</p>
|
|
</div>
|
|
<div class="section" id="rzaiwscenariossl__objective"><a name="rzaiwscenariossl__objective"><!-- --></a><h4 class="sectionscenariobar">Objectives</h4><p>In
|
|
this scenario, Bob wants to secure his brokerage clients' 5250 Telnet sessions
|
|
to their shareholder accounts on his iSeries server. Bob wants to enable SSL
|
|
to protect the privacy of client data as it passes through the Internet. He
|
|
also wants to enable certificates for client authentication to ensure that
|
|
his server verifies that only his clients are accessing their accounts. After
|
|
Bob has configured the Telnet server for SSL and enabled client and server
|
|
authentication, he can roll out this new account accessibility option to his
|
|
clients, assuring them that their account access sessions will be secure.
|
|
After Bob has met the following objectives, he can roll out this
|
|
new account accessibility option to his clients, assuring them that their
|
|
5250 Telnet sessions will be secure:</p>
|
|
<ul><li>Secure the Telnet server with SSL</li>
|
|
<li>Enable the Telnet server for client authentication</li>
|
|
<li>Obtain a private certificate from a local certificate authority (CA) and
|
|
assign it to the Telnet server.</li>
|
|
</ul>
|
|
</div>
|
|
<div class="section" id="rzaiwscenariossl__details"><a name="rzaiwscenariossl__details"><!-- --></a><h4 class="sectionscenariobar">Details</h4><p>In
|
|
this scenario, the setup for the brokerage business is as follows:</p>
|
|
<ul><li>An iSeries server runs i5/OS Version 5 Release 4 (V5R4)
|
|
and provides shareholder account access over 5250 Telnet sessions.</li>
|
|
<li>The i5/OS Telnet server application is started on the iSeries server.</li>
|
|
<li>The Telnet server initializes SSL, and checks the certificate information
|
|
in the <samp class="codeph">QIBM_QTV_TELNET_SERVER</samp> application ID.</li>
|
|
<li>If the Telnet certificate configuration is correct, the Telnet server
|
|
begins listening on the SSL port for client connections.</li>
|
|
<li>A client initiates a request for access to the Telnet server.</li>
|
|
<li>The Telnet server responds by providing its certificate to the client.</li>
|
|
<li>The client software validates the certificate as an acceptable, trusted
|
|
source communicating with the server.</li>
|
|
<li>The Telnet server requests a certificate from the client software.</li>
|
|
<li>The client software presents a certificate to the Telnet server.</li>
|
|
<li>The Telnet server validates the certificate, and recognizes the client's
|
|
right to establish a 5250 session with the server.</li>
|
|
<li>The Telnet server establishes a 5250 session with the client.</li>
|
|
</ul>
|
|
</div>
|
|
<div class="section" id="rzaiwscenariossl__prereq"><a name="rzaiwscenariossl__prereq"><!-- --></a><h4 class="sectionscenariobar">Prerequisites
|
|
and assumptions</h4><p>This scenario makes the following assumptions:</p>
|
|
<ul><li>iSeries server running i5/OS<sup>®</sup> Version 5 Release 2 (V5R2) or later.</li>
|
|
<li>TCP/IP is configured.</li>
|
|
<li>Bob has IOSYSCFG authority.</li>
|
|
<li><a href="rzaiwconfigtelsrvr.htm">Telnet server is configured</a>.</li>
|
|
<li>Bob has addressed the issues in <a href="../rzain/rzainplanssl.htm">Plan for SSL enablement</a>.</li>
|
|
<li>Bob has created a local certificate authority on his iSeries server.</li>
|
|
</ul>
|
|
</div>
|
|
<div class="section" id="rzaiwscenariossl__steps"><a name="rzaiwscenariossl__steps"><!-- --></a><h4 class="sectionscenariobar">Task steps</h4><p>There
|
|
are two sets of tasks that Bob must complete to implement this scenario: One
|
|
set of tasks allows him to set up his iSeries server to use SSL and require
|
|
certificates for user authentication. The other set of tasks allows users
|
|
on Telnet clients to participate in SSL sessions with Bob's Telnet server
|
|
and obtain certificates for user authentication.</p>
|
|
<p>Bob performs the following
|
|
task steps to complete this scenario:</p>
|
|
<p><strong>Telnet server task steps</strong></p>
|
|
<p>To
|
|
implement this scenario, Bob must perform these tasks on his iSeries server:</p>
|
|
<ol><li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__removeport">Remove
|
|
port restrictions</a></li>
|
|
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__createlca">Create
|
|
and operate Local Certificate Authority</a></li>
|
|
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__configtelnet">Configure
|
|
Telnet server to require certificates for client authentication</a></li>
|
|
<li><a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__enablessl">Enable
|
|
and start SSL on Telnet server</a> </li>
|
|
</ol>
|
|
<p><strong>Client configuration task steps</strong></p>
|
|
<p>To implement this scenario,
|
|
each user who will access the Telnet server on Bob's iSeries server must perform these tasks:</p>
|
|
<p> 5. <a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__enablesslclient">Enable
|
|
SSL on the Telnet client</a></p>
|
|
<p> 6. <a href="rzaiwscenariossldetails.htm#rzaiwscenariossldetails__telnetclient">Enable
|
|
Telnet client to present certificate for authentication</a></p>
|
|
<p>These
|
|
tasks accomplish both SSL and client authentication by certificates, resulting
|
|
in SSL-secured access to account information for Bob's clients using 5250
|
|
Telnet sessions.</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<ul class="ullinks">
|
|
<li class="ulchildlink"><strong><a href="rzaiwscenariossldetails.htm">Configuration details</a></strong><br />
|
|
This topic describes the task steps for securing Telnet with SSL.</li>
|
|
</ul>
|
|
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwscenario.htm" title="This topic provides examples of using Telnet to introduce basic concepts and configuration tasks.">Telnet scenarios</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |