Security

The Security tab contains configuration settings for Secure Socket Layer (SSL) and Web Express Logon (WEL). For more information about security settings, see Security and Web Express Logon.
Note: To enable SSL for a connection in a ZIETrans EJB project, in the ZIETrans EJB Project view open the EJB project and the Connections folder and double-click on the connection. Then follow the directions below.
Enable SSL
Select this check box to enable SSL.
Note: If the Telnet server uses a valid well-known personal certificate, then selecting this box is all that is required.
Import PKCS12 keystore into project
Select this option to import a PKCS12 keystore file into your project. Click the Import button to browse for and import the keystore file into the project. A pointer to the imported keystore file is set in the configuration for this connection. Click the Remove button to remove the pointer to the keystore file from the connection configuration. The keystore file, itself, is not removed from the project. After importing the file, the file name appears in the Path to keystore file edit box. For more information about when this is necessary and how to create a PKCS12 keystore file see Enabling SSL security.
Note: After importing a keystore file and saving the changes in the connection editor, refresh your project to ensure the keystore file is included in the project. To refresh your project, from the ZIETrans Projects view right-click the project and select Refresh. To set your project to automatically refresh, from the Eclipse menu bar select Window > Preferences > General > Workspace > Refresh automatically.
Use PKCS12 keystore at a specific path
Select this option to specify a keystore file that will not be contained within your project but will exist elsewhere on the target runtime system. In the Path to keystore file edit box, specify the complete path and file name for the keystore file on the target system. For more information about when this is necessary and how to create a PKCS12 keystore file see Enabling SSL security.
Note:
  1. To use this file during testing on your development system, it must reside at the same location on your development system as it does on the target runtime system.
  2. For ZIETrans Web applications, if you use a keystore file that is not contained within your project .ear file, and Java™ 2 security is enabled at the target WebSphere® Application Server system, you must update the was.policy file on WebSphere Application Server before your ZIETrans application tries to access it. The was.policy file is located in the Navigator view of the project .ear file in the META-INF directory. For example, to give read permissions for the keystore file, add the following statement to your was.policy file.
    permission java.io.FilePermission "c:\\myKeystores\\-", "read";
    Where myKeystores is the name of the folder containing the keystore file on the target WebSphere Application Server system. For more information see Java 2 security.
Path to keystore file
If you have imported a keystore file, this edit box contains the file name of the imported file. If you have selected the option to Use PKCS12 keystore at a specific path, then enter in this edit box the complete path and file name for the keystore file on the target runtime system.
Password
The password required to open the keystore file specified in the Path to keystore file edit box. Use the Verify button to test finding the keystore file and opening it with the password.
Note:
  1. This is the same password that was used when the keystore file was created. For more information about how to create a PKCS12 keystore file see Enabling SSL security.
  2. To verify the location and password for a keystore file that is not contained within the project, the keystore file must reside at the same location on your development system as it does on target runtime system.
  3. The password is not stored in the clear. However, if after deploying your ZIETrans application, you want to change the password without having to redeploy the application, you can modify the password field in the .hco file that represents the connection on the runtime system. After editing the .hco file and making the modification, the password is stored in the clear until you redeploy the application.
Enable JSSE
Select this check box to enable JSSE.
Use JSSE
Selecting the ‘Use JSSE’ check-box enables the use of TLS v1.0, TLS v1.1, or TLS v1.2 using the Java Secure Socket Extension (JSSE) security library, instead of SSLite, for the connection between the ZIETrans and the HOST system. The default option of using the SSLite library, can be overridden by selecting this radio button to use TLS v1.1 or TLS v1.2 for a connection.
Import Java keystore into project
Select this option to import a jks keystore file into your project. Click the Import button to browse for and import the keystore file into the project. A pointer to the imported keystore file is set in the configuration for this connection. Click the Remove button to remove the pointer to the keystore file from the connection configuration. The keystore file, itself, is not removed from the project. After importing the file, the file name appears in the Path to keystore file edit box.
Use jks keystore at a specific path
Select this option to specify a keystore file that will not be contained within your project but will exist elsewhere on the target runtime system. In the Path to keystore file edit box, specify the complete path and file name for the keystore file on the target system.
Path to keystore file
If you have imported a keystore file, this edit box contains the file name of the imported file. If you have selected the option to Use jks keystore at a specific path, then enter the complete path and file name for the keystore file on the target runtime system, in this edit box .
Password
The password required to open the keystore file specified in the Path to keystore file edit box. Use the Verify button to test if the keystore file can be found and opened using the password.
Add MSIE browser's keyring
This check-box can be used only when JSSE is enabled.

Enable this checkbox to support MSCAPI/Microsoft Cryptography API for ZIETrans. When this option is selected, the ZIETrans client accepts certificate authorities trusted by the Microsoft Internet Explorer browser.

When this option is enabled, the ‘SSLBrowserKeyringAdded’ parameter will be set to true in the ‘Advanced’ tab of connection file.

MSCAPI can be used only for ZIETrans toolkit..

Note:
  1. MSCAPI is not supported for SSL.
  2. As MSCAPI is supported only for toolkit, users must add the jks file for ZIETrans web based application. Otherwise, when deployed in runtime, the connection to host fails while validating the certificate.
Use Web Express Logon (Web-only)
For ZIETrans Web applications, select this box and click the Configure button to enable and configure WEL. For more information see Using Web Express Logon (WEL).