Example: Enabling client authentication for a PC5250 session

 

After you have configured Secure Sockets Layer (SSL) for the Telnet server and specified to use client authentication, users are required to provide a valid and trusted client certificate to the Telnet server for each connection attempt.

Before client authentication can work, each client must create a user certificate and import it into the IBM® Key Management database.

 

Creating a user certificate in DCM

  1. Start IBM Digital Certificate Manager (DCM). If you need to obtain or create certificates, or otherwise set up or change your certificate system, do so now.

  2. Expand Create Certificate.

  3. Select User Certificate. Click Continue.

  4. Complete the User Certificate form. Only those fields marked "Required" need to be completed. Click Continue.

  5. Depending on the browser you use, you will be asked to generate a certificate that is loaded into your browser. Follow the directions provided by the browser.

  6. When the Create User Certificate page reloads, click Install Certificate. This installs the certificate in the browser.

  7. Export the certificate to your system. You must store the certificate in a password-protected file.

    Microsoft® Internet Explorer 5 or Netscape 4.5 is required to use the export and import functions.

Importing the certificate into IBM Key Management

  1. Click Start > Programs > IBM iSeries Access for Windows > iSeries Access for Windows Properties.

  2. Select the Secure Sockets tab.

  3. Click IBM Key Management.

  4. You are prompted for your key database password. Unless you have previously changed the password from the default, enter ca400. A confirmation message is displayed. Click OK.

  5. From the pull-down menu, select Personal certificates.

  6. Click Import.

  7. In the Import key display, enter the file name and path for the certificate. Click OK.

  8. Enter the password for the protected file. This is the same password that you created in Step 7 of Creating a user certificate in DCM. Click OK.

    When the certificate has been successfully added to your personal certificates in IBM Key Management, you can use the PC5250 emulator or any other Telnet application.

 

Starting a PC5250 emulator session from iSeries Navigator

  1. Open iSeries™ Navigator.

  2. Right-click the name of your system that you have set up for client authentication for Telnet.

  3. Select Display emulator.

  4. Select the Communication menu, then select Configure.

  5. Click Properties.

  6. In the Connection dialog, select Use Secure Sockets Layer (SSL).

  7. If you have more than one client certificate, select either Select certificate when connecting or Use default to determine which client certificate to use.

  8. Click OK.

  9. Click OK.

 
