Friday, January 13, 2006

 

AS/400 Secure Client Sign-On

iSeries Information Center


Enabling client authentication for a PC5250 session

After you have configured SSL for the Telnet server and specified to use client authentication, users will be required to provide a valid and trusted client certificate to the Telnet server for each connection attempt.

Clients need to create a user certificate and import that certificate to the IBM Key Management database before client authentication will work.

1. Create a user certificate in DCM
   a. Start IBM Digital Certificate Manager. If you need to obtain or create certificates, or otherwise set up or change your certificate system, do so now. See Using Digital Certificate Manager for information on setting up a certificate system.
   b. Expand Create Certificate.
   c. Select User Certificate. Click Continue.
   d. Complete the User Certificate form. Only those fields marked "Required" need to be completed. Click Continue.
   e. Depending on the browser you use, you will be asked to generate a certificate that will be loaded into your browser. Follow the directions provided by the browser.
   f. When the Create User Certificate page reloads, click Install Certificate. This will install the certificate in the browser.
   g. Using your browser's certificate database, export the certificate to your PC. You must place the certificate in a password-protected file, so you will be prompted for a password to protect this file. You will use this password when you complete step 2.
   Note: Microsoft Internet Explorer 5 or Netscape 4.5 is required to use the export and import functions.
2. Import the certificate to IBM Key Management
   Note: You must add the Certificate Authority that created the client certificate to the PC key database, otherwise the import of the client certificate will not work.
   a. Click Start -> Programs -> IBM AS/400 Client Access Express -> Client Access Properties.
   b. Select the Secure Sockets tab.
   c. Click IBM Key Management.
   d. You will be prompted for your key database password. Unless you have previously changed the password from the default, enter ca400. A confirmation message displays. Click OK.
   e. From the pull-down menu, select Personal certificates.
   f. Click Import.
   g. In the Import key display, enter the file name and path for the certificate. Click OK.
   h. Enter the password for the protected file. This is the same password that you created in Step 1g. Click OK. When the certificate has been successfully added to your personal certificates in IBM Key Management, you can use PC5250 emulator or any other Telnet application.
3. Start a PC5250 emulator session from Operations Navigator
   a. Open Operations Navigator.
   b. Right-click the name of the system for which you have set up client authentication for Telnet.
   c. Select Display emulator.
   d. Select the Communication menu, then select Configure.
   e. Click Properties.
   f. In the Connection dialog, select Use Secure Sockets Layer (SSL).
   g. If you have more than one client certificate, select either Select certificate when connecting or Use default to determine which client certificate to use.
   h. Click OK.
   i. Click OK.
