Setting up Redirector with TLS or SSL
To set up Z and I Emulator for Web Redirector with TLS or SSL using a Self-Signed Certificate, do the following:
- Create a Java KeyStore (JKS) file using a trusted open source Key and Certificate Management tool.
If Z and I Emulator for Web client is configured to use JSSE, create a Java KeyStore (JKS) file by name CustomizedCAs.jks and password hodpwd in the publish directory.
- Restart the Z and I Emulator for Web Service Manager.
- Modify or add a Redirector Service with client-side security.
- Modify or add a session to connect with the TLS or SSL-enabled Redirector Service.
Configuring Redirector to use Java Secure Socket Extension (JSSE) on Windows
To configure Redirector to use Jave Secure Socket Extension (JSSE) on Windows, follow these steps:
- In ZIEForWeb\lib directory open redir.properties and add the property useJSSE=true.
- Use the Certificate Management to create a new JKS file by name ServerKeyStore.jks in ZIEForWeb\bin directory.
- Password for the ServerKeyStore.jks must be hodpwd.
- Under Personal Certificates section, create a Self-Signed certificate in ServerKeyStore.jks.
- Extract the Self-Signed certificate as Base64 .arm file and add it to CustomizedCAs.p12 or CustomizedCAs.jks (if ZIEWeb client is configured to use JSSE) present in the ZIEWeb publish directory.
- If one or more redirector ports are configured for Client Authentication, add the certificates received from the clients under Signer Certificates section of ServerKeyStore.jks.
- Restart Z and I Emulator for Web Service Manager.
Enabling TLS or SSL tracing in the Redirector code
To enable TLS or SSL tracing in the Redirector code, follow these steps on the system running
- Stop the Service Manager if it is currently started.
- Set an environment variable:
To set this variable:
- For Windows NT, Windows 2000, and Windows XP use the GUI.
- For Windows 98, use set command on a command line.
- For AIX, use the export command.
- For Linux, export the variable according to the shell being used.
Note: The variable value is case sensitive.
- Start the Service Manager. Under the ..\zieforweb\private directory, look for the file named
NativeSSLTrace.trc. This file has the trace data from the Redirector.
- To stop the trace, stop the Service Manager and set the value of the environment variable to No.
Delete the NativeSSLTrace.trc file if necessary.
Note: Each time the Service Manager is started, the trace file is newly created. All existing contents
of the file are overwritten.