FIPS environments

Start of changeIf you are in an environment that mandates or requires that your security components use Federal Information Processing Standards (FIPS)-certified components/modules, consider the following. For secure Telnet and FTP connections, Z and I Emulator for Web uses FIPS-compliant ciphers by default. If your environment requires the connection to an IBM System i host for file transfer or data transfer, ensure that your system meets the following requirements:
  • Start of changeYou are using a Java JRE that is FIPS certified.End of change
  • You need to configure the HTML parameter UseJSSEforiSeries on the Advanced Options window of the Deployment Wizard and set its value to true.
  • You need to add the certificate from the IBM System i host to the Java Secure Socket Extension (JSSE) client trust store for the Java JRE. Refer to your Java JRE provider for configuration details.
When you have a secure connection to an IBM System i host and are accessing the file transfer capabilities, you will be asked to enter the path and the password for the JSSE Trust Store. If you are performing data transfer to an IBM System i host, you will also see additional fields for entering the path and password for the JSSE Trust Store. End of change
Another way to enter the path and password is to use a Run Applet that is provided with Z and I Emulator for Web. To do this, take the following steps: Start of change
  1. From the menu of a display session, select Actions > Run Applet.
  2. Enter com.ibm.eNetwork.HOD.util.jsse.JSSESetup in the field for the class name.
  3. Click OK.
End of change You only need to configure the JSSE Trust Store oncec. It is a global setting that applies to all sessions. After you have entered the values, they persist until the browser is restarted.

In earlier versions of Z and I Emulator for Web, you can enable FIPS mode authentication through an HTML parameter. The current version of Z and I Emulator for Web provides a menu option to enable or disable the FIPS mode for each session. By default, FIPS mode is enabled for all the sessions.