When you open up your legacy hosts to users outside the corporate firewall--business partners, remote users, mobile sales personnel, and others--you need to shield your information from known security threats. With Reflection ZFE, you can provide secure web-to-host access to all your users. Reflection ZFE, along with the MSS, provides HTTPS connections and a variety of authorization and authentication options.
In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security:
About Java Keytool and certificates
Reflection ZFE and MSS use the Java Key and Management Tool to manage keys and certificates. Using it, you can manage public/private key pairs and certificates. Keys and certificates are stored in a keystore, which, by default, is implemented as a file.
To..... |
Use this..... |
---|---|
List certificates |
keytool -list -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure |
Delete certificates |
keytool -delete -alias <cert-alias> -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure |
Export a certificate |
keytool -exportcert -file <file-to-store-cert> -alias <cert-alias> -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure |
Import a certificate |
keytool -importcert -file <cert-file> -alias <alias-to-store-cert-under> -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure |
View stand alone certificate |
keytool -printcert -v -file <cert-file> |
The Java Key and Certificate Management Tool documentation is available for both Unix and Windows platforms: