4.0 Making Secure Connections
When you open up your legacy hosts to users outside the corporate firewall--business partners, remote users, mobile sales personnel, and others--you need to shield your information from known security threats. With Reflection ZFE, you can provide secure web-to-host access to all your users. Reflection ZFE, along with the Management and Security Server, provides HTTPS connections and a variety of authorization and authentication options.
In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security:
There are instructions for securing each of these connections.
About Java Keytool and certificates
Reflection ZFE and MSS use the Java Key and Management Tool to manage keys and certificates. Using it, you can manage public/private key pairs and certificates. Keys and certificates are stored in a keystore, which, by default, is implemented as a file.
|
To..... |
Use this..... |
|---|---|
|
List certificates |
keytool -list -keystore keystore.jks |
|
Delete certificates |
keytool -delete-alias mydomain -keystore keystore.jks |
|
Export a certificate |
keytool -export -alias mydomain -file mydomain.cer -keystore keystore.jks |
|
Import a certificate |
keytool -importcert -file <path to certificate> -alias <some-alias> -keystore servletcontainer.jks -storetype jceks -storepass not-secure |
|
View stand alone certificate |
keytool -printcert -v -file mydomain.crt |
For more information, see the Java Key and Certificate Management Tool documentation.
