Information Center

Setting up Redirector with TLS or SSL

To set up Z and I Emulator for Web Redirector with TLS or SSL using a Self-Signed Certificate, do the following:

  1. Create a Java KeyStore (JKS) file using a trusted open source Key and Certificate Management tool.
  2. Note:

    If Z and I Emulator for Web client is configured to use JSSE, create a Java KeyStore (JKS) file by name CustomizedCAs.jks and password hodpwd in the publish directory.

  3. Restart the Z and I Emulator for Web Service Manager.
  4. Modify or add a Redirector Service with client-side security.
  5. Modify or add a session to connect with the TLS or SSL-enabled Redirector Service.

Configuring Redirector to use Java Secure Socket Extension (JSSE) on Windows

To configure Redirector to use Jave Secure Socket Extension (JSSE) on Windows, follow these steps:

  1. In ZIEForWeb\lib directory open and add the property useJSSE=true.
  2. Use the Certificate Management to create a new JKS file by name ServerKeyStore.jks in ZIEForWeb\bin directory.
  3. Password for the ServerKeyStore.jks must be hodpwd.
  4. Under Personal Certificates section, create a Self-Signed certificate in ServerKeyStore.jks.
  5. Extract the Self-Signed certificate as Base64 .arm file and add it to CustomizedCAs.p12 or CustomizedCAs.jks (if ZIEWeb client is configured to use JSSE) present in the ZIEWeb publish directory.
  6. If one or more redirector ports are configured for Client Authentication, add the certificates received from the clients under Signer Certificates section of ServerKeyStore.jks.
  7. Restart Z and I Emulator for Web Service Manager.

Enabling TLS or SSL tracing in the Redirector code

To enable TLS or SSL tracing in the Redirector code, follow these steps on the system running Redirector:

  1. Stop the Service Manager if it is currently started.
  2. Set an environment variable:

    To set this variable:

    Note: The variable value is case sensitive.

  3. Start the Service Manager. Under the ..\zieforweb\private directory, look for the file named NativeSSLTrace.trc. This file has the trace data from the Redirector.
  4. To stop the trace, stop the Service Manager and set the value of the environment variable to No. Delete the NativeSSLTrace.trc file if necessary.

    Note: Each time the Service Manager is started, the trace file is newly created. All existing contents of the file are overwritten.

Related topics

  • Using the Z and I Emulator for Web Redirector
  • Configuring a Session to Connect to the Redirector
  • Adding a host to the Redirector
  • Redirector Troubleshooting Checklist