Goal

To set up SSL security that uses both server and client certificates to connect to a host from a client session through MCS.

This does not affect user authentication to the myAccess Links page or the Products and Updates page, which is provided separately in the products with which they are used.

Method

To use the SSL capabilities of MCS, you must include a server site certificate issued by a certificate authority (CA). If you don't already have a server site certificate, you must obtain and install one.

To provide additional security, you can implement client certificate authentication. With client certificate authentication, a personal certificate is required for all computers that access the MCS console or connect to a host through MCS. In addition, a CA certificate for each client certificate is installed on the MCS server.

Client certificates are optional when using SSL through MCS; however, if you use client certificate authentication, users will not have to provide a user name and password when they access MCS or configurations stored on the MCS server. After your certificates are installed, you can configure your session to connect to the host by way of the MCS secure port and authenticate against the client certificate when a user connects.

Steps

Following are the main steps you need to complete for this How-To:

  1. Get and install a server certificate for your MCS server.

  2. Get and install client certificates for computers that will run viewer sessions. (Optional)

  3. Set the authentication type for your session.

  4. Configure SSL options in the session configuration.

  Attachmate