Session security

Z and I Emulator for Web Version 1.0 uses the TLS protocol to provide security for emulator and FTP sessions.

The TLS protocol provides communications privacy across a TCP/IP network. TLS is designed to prevent eavesdropping, message tampering, or message forgery. TLS also provides a framework that allows new cryptographic algorithms to be incorporated easily. Z and I Emulator for Web supports encryption of emulation and FTP sessions and server/client authentication according to TLS Protocol Version 1.0.

Support is provided for the following:

To support TLS services, Z and I Emulator for Web uses six databases:

Redirector can be configured to use Java Secure Socket Extension (JSSE) . When configured with JSSE, redirector reads the private key and certificates from ServerKeyStore.jks. Refer to "The Redirector" for more information.

The CustomizedCAs.class is a Java class file that contains the certificates of unknown CAs and self-signed certificates that are not in the WellKnownTrusted list. If you use a self-signed certificate or a certificate from an unknown authority (CA), you need to update the CustomizedCAs.class file. However, note that you can no longer create or update the CustomizedCAs.class file using the Certificate Management utility on Windows or AIX platforms.

WellKnownTrustedCAs.class, and WellKnownTrustedCAs.jks
The WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks are the files supplied by Z and I Emulator for Web that contain the public certificates of all the CAs that Z and I Emulator for Web trusts. You should not modify these files.

WellKnownTrustedCAs.class and WellKnownTrustedCAs.jks and/or CustomizedCAs.class and CustomizedCAs.jks must be present in the Z and I Emulator for Web publish directory. The Z and I Emulator for Web client uses these files to trust the server's certificate during the TLS handshake.

You can create a CustomizedCAs.jks file by using any open source Key and Certificate Management utility or keytool.exe command-line tool, which is a Java Key and Certificate Management Tool available in the JRE for this purpose.