Management & Control Services Help Globe Icon

Configuring a Client SSL Connection

You must configure a client to use an SSL connection within the client's host access configuration. On the Security page of configuration's Connection settings, there are two basic types of SSL connections that you can set:

The remainder of the topic describes these two connection scenarios.

Note Depending on your host's SSL configuration, you may have to install personal certificates on client PCs. For instructions, see the procedure for obtaining and installing a personal certificate.

Direct Connection to a Host

As shown in the diagram below, a client and host configured for SSL communicate over a secure Telnet session. To configure a host for SSL, see the host security documentation.

Connection to a Host via Security Services

As shown in the diagram below, this option allows you to secure client connections over the Internet to hosts that are not enabled for SSL. Outside of the firewall, Security Services passes secured host traffic over the Internet; inside the firewall, Security Services forwards the traffic unencrypted to the hosts.

The inbound (client to MCS) side of Security Services requires only a single HTTPS port, thereby minimizing the impact on both the client-side and server-side firewall security policies. The outbound (MCS to host) side of Security Services provides a destination filter that restricts access to only authorized host addresses and ports.

The Attachmate-supplied default allows for unrestricted access to hosts. To set up an authorized list of hosts, you must modify the SecurityGateway.properties file. For instructions, see Modifying the SecurityGateway.properties File.

Related Topics
Bullet Overview of Security Services
Bullet Overview of Certificates
Bullet Configuring Security Services
Bullet Obtaining and Installing Certificates
Bullet Modifying the SecurityGateway.properties File
  Attachmate