Use this procedure to configure a 3270 session with end-to-end security in Management and Security Server. This configuration combines user authorization with security from Extra! to the destination host.
You can optionally configure these connections to use the IBM Express Logon (also referred to as ELF) when using a 3270 connection to an IBM mainframe.
SSL is enabled on the host. See the documentation included with the host for instructions.
An installation of Management and Security Server. The Security Proxy must be configured to require. (It can optionally be configured to require . For client authentication, you can use a single certificate or two separate client certificates on each server (Security Proxy and destination host).
Digital certificates. To successfully establish the SSL/TLS sessions between the client and the Security Proxy, and the client and the destination host, you may need multiple digital certificates. See Setting Up Certificates.
Destination SSL hosts and Security Proxy servers typically have server certificates already installed. Each of these server certificates must be trusted by the client. The client will trust a server certificate if:
To use a single server certificate for both the destination host and the Security Proxy, do one of the following:
Certificates used for client authentication must be signed by a certificate authority that is trusted by both the Security Proxy and the destination host’s SSL server.
Express Logon also requires that the client certificate used to authenticate on the TN3270 server be registered with RACF. (For details, see the documentation that came with the 3270 server.)
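The client-authentication requirement above can be checked before any session is configured. The following is an added example, not part of the product documentation: it uses the OpenSSL command line (1.1.0 or later) to confirm that a client certificate chains to a CA in both servers' trust lists. All certificates are constructed demo data, and every file and function name is hypothetical.

```shell
#!/bin/sh
# Added example. Certificates are constructed demo data; names are hypothetical.

# trusted_by_both CERT BUNDLE...
# Succeeds only if CERT chains to a CA in every PEM trust bundle given
# (one bundle per server: Security Proxy, destination host).
trusted_by_both() {
    cert=$1; shift
    for bundle in "$@"; do
        # -no-CApath: do not fall back to the system's default CA directory
        openssl verify -no-CApath -CAfile "$bundle" "$cert" >/dev/null 2>&1 || {
            echo "FAIL: $cert does not chain to a CA in $bundle" >&2
            return 1
        }
    done
    echo "OK: $cert is trusted via all $# bundle(s)"
}

# make_demo_pki DIR
# Builds two throwaway CAs and one client certificate signed by "shared".
make_demo_pki() {
    dir=$1
    mkdir -p "$dir"
    for ca in shared other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=demo-$ca-ca" \
            -keyout "$dir/$ca-ca.key" -out "$dir/$ca-ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -days 2 \
        -CA "$dir/shared-ca.pem" -CAkey "$dir/shared-ca.key" -CAcreateserial \
        -out "$dir/client.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    # Destination host trusts both CAs.
    cat "$d/shared-ca.pem" "$d/other-ca.pem" > "$d/host-trust.pem"
    # Security Proxy trusts the issuing CA: the single certificate works on both.
    trusted_by_both "$d/client.pem" "$d/shared-ca.pem" "$d/host-trust.pem"
    # Security Proxy lacks the issuing CA: client authentication would fail there.
    trusted_by_both "$d/client.pem" "$d/other-ca.pem" "$d/host-trust.pem"
    rm -rf "$d"
}
demo
```

With real files, pass the client certificate followed by the exported CA bundle of each server. A failure against either bundle means that server needs the issuing CA added or a separate client certificate.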
To configure a session with end-to-end encryption
In a web browser, start Management and Security Server by setting the URL to:
http://server:port/rweb/AdminStart.html
where server and port are replaced with the Reflection Management server address.
Click and log on as administrator.
From the left pane, click.
Add a new session or select an existing session, and click.
Follow the wizard's prompts to configure the session. Make sure to leave the default option selected as the type of connection.
On the tab, from the menu, specify a Reflection Security Proxy Server.
A description of the selected Reflection Security Proxy Server appears below the fields.
Enter a destination host and Destination port (the Destination port should be the SSL port on the host, for example, buttercup.flowers.com:3000), and then select the check box.
Click and continue through the wizard to complete the configuration.
When you click, the session opens in Extra!.
Exit Extra! and save the session.
To create another session, repeat this procedure. You can only create (or have open) one session at a time when running Extra! in Administrative WebStation mode.
Next, make the session available to specific users.