PASSPORT Knowledge Base
Configuration

Date Published: March 25, 2008

Date Updated: April 29, 2009

Title

Enabling SSL/TLS Client Authentication

Product

PASSPORT PC to Host, PASSPORT Web to Host

Emulation Types

TN3270, TN5250

Issue

How do I configure PASSPORT to use SSL/TLS Security with Client Authentication?

Solution

To enable Client Authentication For PASSPORT PC to Host:

SSL/TLS security is available for TN3270 and TN5250 sessions. To enable SSL Client Authentication for a new session in PASSPORT PC to Host version 2007-914 or higher, enable the check box on the Security screen of the New Session Wizard:

To add SSL Client Authentication to an existing session:

1. Disconnect from the session
2. Select Setup from the Communication Menu
3. Select the Security tab
4. Enable the checkbox next to Enable Client Authentication. In order to use your own SSL client certificate, it must first be added to the Microsoft Windows Certificate Store:
   
   - The client certificate always contains the public and private key in one file usually with the file extension .PFX or .P12.
   
   - When you import the certificate to the Windows certificates store, usually you will be prompted to enter the password for the private key associated with the certificate.
5. Select the certificate to use

For PASSPORT Web to Host:

From the Administrator:

1. Create a new or open an existing session profile.
2. On the Security tab, enable the check box for SSL/TLS Security:
   
   
3. Enable the checkbox next to Enable Client Authentication. In order to use your own SSL client certificate, it must first be added to the Microsoft Windows Certificate Store.
4. Enter the certificate to use. You must make sure that the name you entered matches exactly to the client certificate's Common Name on the client machine:
   
   

More Information

• The server that you are connecting to must require SSL Client Authentication to use this option.

• When SSL/TLS Security is enabled, a small yellow security lock symbol appears on the PASSPORT Status Bar located at the bottom of the session window. If you double click on this symbol, PASSPORT will display the server certificate information on the server you are currently connected to. PASSPORT uses server authentication to make sure that you are authorized to connect to a specific communication server. When a connection is made to the server, the server responds by sending a digital certificate to PASSPORT.

Keywords

SSL, TLS, security, secure, client, authentication