Enabling client authentication for the Telnet server

The Telnet server supports the authentication of Telnet client certificates. This means that during the Secure Sockets Layer (SSL) handshake, not only can the server generate a server certificate for the client, but also can optionally check for a valid client certificate, depending on how Digital Certificate Manager (DCM) is configured.

The DCM allows you to configure whether SSL Client Certificates are required for Telnet sessions.

In order to activate this support, the system administrator indicates how SSL support is handled. Use the Telnet Properties General panel in iSeries™ Navigator to indicate whether SSL, non-SSL, or support for both will start when the Telnet server starts. By default, the SSL and non-SSL support always starts.

The system administrator has the ability to indicate whether the system requires SSL client authentication for all Telnet sessions. When SSL is active and the system requires client authentication, the presence of a valid client certificate means that the client is trusted.

The system applies any negotiated RFC 2877 variables, and the Telnet user exits variables after the satisfaction of SSL controls.

To update the application specifications in IBM^® DCM and enable client authentication for the Telnet server, follow these steps:

1. Start IBM DCM. If you need to obtain or create certificates, or otherwise set up or change your certificate system, do so now.

2. Click Select a Certificate Store.

3. Select *SYSTEM. Click Continue.

4. Enter the appropriate password for *SYSTEM certificate store. Click Continue.

5. When the left navigational menu reloads, expand Manage Applications.

6. Click Update application definition.

7. On the next panel, select Server application. Click Continue.

8. Select i5/OS TCP/IP Telnet Server.

9. Click Update Application Definition.

10. In the table that displays, select Yes to require client authentication.

11. Click Apply.

12. DCM reloads to the Update Application Definition page with a confirmation message. When DCM reloads is finished reloading and updating the application definition for the Telnet server, click Done.

• Example: Enabling client authentication for a PC5250 session
  After you have configured Secure Sockets Layer (SSL) for the Telnet server and specified to use client authentication, users are required to provide a valid and trusted client certificate to the Telnet server for each connection attempt.

Parent topic: