Connect to an IBM Mainframe via SSL/TLS

Use the following procedure to configure SSL or TLS connections using the upgraded security protocols.


Note: To secure your connections with SSL or TLS, your system must include an SSL/TLS host (server or servers).

To configure the session

  1. Create a new display (or printer) session.
  2. For the connection type, specify TN3270.
  3. In the tabbed window, click the Add button.
  4. In the Configure Connection dialog box, specify the host name or IP address (IPv6, IPv4 or URI), device type, and port.

    Configure Connection (3270)

  5. For Security Type, choose Attachmate SSL v3.0 or Attachmate TLS v1.0.
  6. For Encryption strength, specify a value or Auto (the default). If you specify a value that your connection cannot support, the connection will fail. When Auto is selected, EXTRA! X-treme negotiates with the host system to choose the strongest encryption level supported by both the host and the PC.
  7. To select a client certificate for authentication, do one of the following:
    • Leave Automatically select client certificate selected (the default). When you connect, EXTRA! X-treme will search the Windows certificate store and use the first certificate it finds that is both valid and designated for client authentication. If this certificate is not the correct one, the connection will fail.
    • Choose a certificate from the drop-down list, or select Browse to open the Windows Personal certificate store and choose the appropriate certificate. The specified certificate will be stored in the session file by subject name, issuer and serial number.

      Note: Even though you may have multiple host addresses specified in an EXTRA! X-treme session for a fail-over configuration, you can only specify one client certificate and one encryption strength for a host. For this reason, it's generally best to use the default certificate and encryption strength settings.

  8. Select Verify server identity to have the client compare the host name in the session against the common name in the certificate and to validate the certificate authority (CA) chain.
  9. Specify the remaining options to complete the configuration.

    Note: To change the security settings, in an open session, choose Options > Settings, and on the left, click Connection.