Connect Using SSL/TLS
The Secure Sockets Layer protocol (SSL) and its compatible successor, the Transport Layer Security protocol (TLS), enable a client and server to establish a secure, encrypted connection over a public network. When you connect using SSL/TLS, the client authenticates the server before making a connection, and all data passed between Reflection and the server is encrypted.
Note: SSL/TLS connections use digital certificates for authentication. Depending on how your certificate was issued and the way your host is configured, you may need to install a host and/or personal certificate before you can connect using SSL/TLS.
To configure a secure terminal session using SSL/TLS
- From the Quick Access toolbar, click the New Document button.
- From the Create New Document dialog box, select a session template and click Create.
- In the Host Name/IP Address field, type a name or address.
Note: By default, the host name you enter must exactly match one of the host names entered in either the CommonName or the SubjectAltName field of the host's certificate. The setting Certificate host name must match host being contacted is configured from the PKI Configuration dialog box. Leave this setting selected for maximum security.
- Set Port to the port your host uses for SSL/TLS connections. In most cases you will have to change the default port value. Contact the host system administrator for this information. (For connections to an AS/400, the SSL/TLS port will typically be 992.)
- Select Configure additional settings, and then click OK.
- (VT terminal sessions only) Confirm that the connection type is Telnet, which is the default. (To change the connection type, click Configure Connection Settings, set Network Connection Type to Telnet, and then click the Back arrow button.)
- Under Host Connection, click Set Up Connection Security.
- (3270 and 5250 terminal sessions only) Under Security, click Security Settings.
- From the Security Properties dialog box, select the SSL/TLS tab, and click Use SSL/TLS security.
- (Optional) Use Encryption strength to specify the minimum allowable level of encryption for SSL/TLS connections. The connection fails if this level cannot be provided. If you select Default, any encryption level is permitted, and Reflection negotiates with the host system to choose the strongest encryption level supported by both the host and the PC.
- (Optional) Click Configure PKI.
The PKI Configuration dialog box opens, from which you can manage the digital certificates used for authentication.
- Click OK to close the open dialog boxes and return to the workspace.