Security
The Security tab contains configuration settings for Secure Socket Layer (SSL) and Web Express™ Logon (WEL). For more information about security settings, see Security and Web Express Logon.
Note: To enable SSL for a connection in a ZIETrans EJB project, in the ZIETrans EJB Project view open the EJB project and the Connections folder and double-click on the connection. Then follow the directions below.
- Enable SSL
- Select this check box to enable SSL.
Note: If the Telnet server uses a valid well-known personal certificate, then selecting this box is all that is required.
- Import PKCS12 keystore into project
- Select this option to import a PKCS12 keystore file into your project. Click the Import button to browse for and import the keystore file into the project. A pointer to the imported keystore file is set in the configuration for this connection. Click the Remove button to remove the pointer to the keystore file from the connection configuration. The keystore file, itself, is not removed from the project. After importing the file, the file name appears in the Path to keystore file edit box. For more information about when this is necessary and how to create a PKCS12 keystore file, see Enabling SSL security.
Note: After importing a keystore file and saving the changes in the connection editor, refresh your project to ensure the keystore file is included in the project. To refresh your project, from the ZIETrans Projects view right-click the project and select Refresh. To set your project to automatically refresh, from the Eclipse menu bar select Window > Preferences > General > Workspace > Refresh automatically.
- Use PKCS12 keystore at a specific path
- Select this option to specify a keystore file that will not be contained within your project but will exist elsewhere on the target runtime system. In the Path to keystore file edit box, specify the complete path and file name for the keystore file on the target system. For more information about when this is necessary and how to create a PKCS12 keystore file, see Enabling SSL security.
Note:
- To use this file during testing on your development system, it must reside at the same location on your development system as it does on the target runtime system.
- For ZIETrans Web applications, if you use a keystore file that is not contained within your project .ear file, and Java™ 2 security is enabled at the target WebSphere® Application Server system, you must update the was.policy file on WebSphere® Application Server before your ZIETrans application tries to access it. The was.policy file is located in the Navigator view of the project .ear file in the META-INF directory. For example, to give read permissions for the keystore file, add the following statement to your was.policy file.
permission java.io.FilePermission "c:\\myKeystores\\-", "read";
Where myKeystores is the name of the folder containing the keystore file on the target WebSphere® Application Server system. The trailing - makes the permission recursive: it grants read access to every file in that folder and its subfolders. For more information see Java 2 security.
- Path to keystore file
- If you have imported a keystore file, this edit box contains the file name of the imported file. If you have selected the option to Use PKCS12 keystore at a specific path, then enter in this edit box the complete path and file name for the keystore file on the target runtime system.
- Password
- The password required to open the keystore file specified in the Path to keystore file edit box. Use the Verify button to test finding the keystore file and opening it with the password.
Note:
- This is the same password that was used when the keystore file was created. For more information about how to create a PKCS12 keystore file see Enabling SSL security.
- To verify the location and password for a keystore file that is not contained within the project, the keystore file must reside at the same location on your development system as it does on the target runtime system.
- The password is not stored in the clear. However, if after deploying your ZIETrans application, you want to change the password without having to redeploy the application, you can modify the password field in the .hco file that represents the connection on the runtime system. After editing the .hco file and making the modification, the password is stored in the clear until you redeploy the application.
- Enable JSSE
- Select this check box to enable JSSE.
- Use JSSE
- Selecting the ‘Use JSSE’ check-box enables the use of TLS v1.0, TLS v1.1, TLS v1.2 or TLS v1.3 using the Java Secure Socket Extension (JSSE) security library, instead of SSLite, for the connection between ZIETrans and the host system. The default option of using the SSLite library can be overridden by selecting this radio button to use TLS v1.1, TLS v1.2 or TLS v1.3 for a connection.
- Import Java keystore into project
- Select this option to import a jks keystore file into your project. Click the Import button to browse for and import the keystore file into the project. A pointer to the imported keystore file is set in the configuration for this connection. Click the Remove button to remove the pointer to the keystore file from the connection configuration. The keystore file, itself, is not removed from the project. After importing the file, the file name appears in the Path to keystore file edit box.
- Use jks keystore at a specific path
- Select this option to specify a keystore file that will not be contained within your project but will exist elsewhere on the target runtime system. In the Path to keystore file edit box, specify the complete path and file name for the keystore file on the target system.
- Path to keystore file
- If you have imported a keystore file, this edit box contains the file name of the imported file. If you have selected the option to Use jks keystore at a specific path, then enter in this edit box the complete path and file name for the keystore file on the target runtime system.
- Password
- The password required to open the keystore file specified in the Path to keystore file edit box. Use the Verify button to test if the keystore file can be found and opened using the password.
- Add MSIE browser's keyring
- This check-box can be used only when JSSE is enabled.
Enable this checkbox to support MSCAPI/Microsoft Cryptography API for ZIETrans. When this option is selected, the ZIETrans client accepts certificate authorities trusted by the Microsoft Internet Explorer browser.
When this option is enabled, the ‘SSLBrowserKeyringAdded’ parameter will be set to true in the ‘Advanced’ tab of connection file.
MSCAPI can be used only for ZIETrans toolkit.
Note:
- MSCAPI is not supported for SSL.
- As MSCAPI is supported only for toolkit, users must add the jks file for ZIETrans web based application. Otherwise, when deployed in runtime, the connection to host fails while validating the certificate.
- Use Web Express™ Logon (Web-only)
- For ZIETrans Web applications, select this box and click the Configure button to enable and configure WEL. For more information see Using Web Express Logon (WEL).
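The check described for the Verify button on the two Password fields above (find the keystore file, then open it with the password) can be repeated on the target runtime system with the standard java.security.KeyStore API, which also shows when each certificate expires. This is an added example, not ZIETrans code; the class name KeystoreVerify and the sample password are hypothetical, and the built-in sample is an empty keystore constructed in memory.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeystoreVerify {
    // Loads a "PKCS12" or "JKS" keystore and reports its entries, or why it could not be opened.
    static String verify(String type, InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try {
            ks.load(in, password);
        } catch (IOException e) {
            // A bad password surfaces as an IOException caused by UnrecoverableKeyException.
            if (e.getCause() instanceof UnrecoverableKeyException) return "WRONG PASSWORD";
            return "UNREADABLE: " + e.getMessage();
        }
        StringBuilder report = new StringBuilder("OK, entries: " + ks.size());
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            report.append("\n  ").append(alias)
                  .append(ks.isKeyEntry(alias) ? " [private key]" : " [trusted cert]")
                  .append(" expires ").append(cert.getNotAfter());
        }
        return report.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2 && System.console() != null) { // args: <PKCS12|JKS> <path>
            // Prompt for the password so it never appears in the process list or shell history.
            char[] pw = System.console().readPassword("Keystore password: ");
            try (InputStream in = Files.newInputStream(Paths.get(args[1]))) {
                System.out.println(verify(args[0], in, pw));
            }
            return;
        }
        char[] good = "constructed-pass".toCharArray(); // constructed sample password
        KeyStore empty = KeyStore.getInstance("PKCS12"); // constructed sample: empty keystore
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, good);
        System.out.println(verify("PKCS12", new ByteArrayInputStream(out.toByteArray()), good));
        System.out.println(verify("PKCS12", new ByteArrayInputStream(out.toByteArray()), "wrong".toCharArray()));
    }
}
```

Run with a keystore type and path to check a real file; run with no arguments to see the correct-password and wrong-password results on the constructed sample.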