Making Secure Connections

When you open up your legacy hosts to users outside the corporate firewall--business partners, remote users, mobile sales personnel, and others--you need to shield your information from known security threats. With Reflection ZFE, you can provide secure web-to-host access to all your users. Reflection ZFE, along with the Management and Security Server, provides HTTPS connections and a variety of authorization and authentication options.

In a typical Reflection ZFE installation there are three main connection points that you need to consider in regard to security:

There are instructions for securing each of these connections.

About Java Keytool and certificates

Reflection ZFE and MSS use the Java Key and Certificate Management Tool (keytool) to manage public/private key pairs and certificates. Keys and certificates are stored in a keystore, which, by default, is implemented as a file.

Each task below is followed by the keytool command to use:

List certificates

keytool -list -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure

Delete certificates

keytool -delete -alias <cert-alias> -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure

Export a certificate

keytool -exportcert -file <file-to-store-cert> -alias <cert-alias> -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure

Import a certificate

keytool -importcert -file <cert-file> -alias <alias-to-store-cert-under> -keystore <keystore-file> -storetype bcfks -providername BCFIPS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath ../lib/bc-fips-1.0.1.jar -storepass not-secure

View a standalone certificate

keytool -printcert -v -file <cert-file>
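
As an added example (not from the Reflection ZFE documentation), the shell functions below factor out the provider options shared by the keystore commands above, hand the keystore password to keytool through its `-storepass:env` modifier instead of on the command line, and import a certificate only when its SHA-256 fingerprint matches a value obtained out of band. The names `zfe_keytool`, `import_verified`, `norm_fp`, `sha256_of`, `KEYSTORE`, `BC_JAR` and `KS_PASS` are assumptions made for this example.

```shell
#!/bin/sh
# Added example; KEYSTORE, BC_JAR, KS_PASS and the function names are assumptions.
KEYSTORE="${KEYSTORE:-keystore.bcfks}"        # hypothetical keystore file
BC_JAR="${BC_JAR:-../lib/bc-fips-1.0.1.jar}"  # provider jar path used on this page

# Run a keystore command with the BCFKS/BCFIPS options the page's commands share.
# -storepass:env tells keytool to read the password from $KS_PASS, so it does
# not appear among keytool's arguments in the process list.
zfe_keytool() {
    cmd="$1"; shift
    keytool "$cmd" "$@" -keystore "$KEYSTORE" -storetype bcfks \
        -providername BCFIPS \
        -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider \
        -providerpath "$BC_JAR" -storepass:env KS_PASS
}

# Reduce a fingerprint to upper-case hex so "aa:bb" and "AABB" compare equal.
norm_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Read `keytool -printcert -v` output on stdin, print the SHA-256 fingerprint.
sha256_of() {
    sed -n 's/^[[:space:]]*SHA-\{0,1\}256:[[:space:]]*//p' | head -n 1
}

# Import <cert-file> under <alias> only if its SHA-256 fingerprint equals
# <expected>, a value obtained out of band from the certificate's owner.
import_verified() {
    cert="$1"; name="$2"; expected="$3"
    actual=$(keytool -printcert -v -file "$cert" | sha256_of)
    if [ -z "$actual" ] || [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
        echo "fingerprint mismatch for $cert; not importing" >&2
        return 1
    fi
    # -noprompt skips keytool's interactive "Trust this certificate?" question,
    # which the fingerprint comparison above replaces.
    zfe_keytool -importcert -noprompt -file "$cert" -alias "$name" &&
        zfe_keytool -list -alias "$name"
}

# Usage: set and export KS_PASS first, then
#   import_verified <cert-file> <alias> <expected-sha256-fingerprint>
```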

The Java Key and Certificate Management Tool documentation is available for both Unix and Windows platforms:
