Using SSL to connect to host machines

IBM® Rational® Functional Tester Extension for Terminal-based Applications requires a security utility such as OpenSSL or IBM® Certificate Management to produce the *.p12 file that will pass the host servers self-signed certificate credentials to the terminal to allow a secure connection. Although IBM® Certificate Management that runs on Windows®, Linux®, AIX®, or Solaris distributed platforms is not included with Rational® Functional Tester, it is shipped with other IBM® products such as IBM® Personal Communications, IBM® Host On-Demand, and IBM® HTTP server. You can easily create the *.p12 file if you have access to this utility.

Before you begin

Note: Starting from 9.1.1, you can import certificates from the server to connect to the host machines securely. See Importing certificates from the server for secured connections.

To use SSL to connect to host machines, you need:

  • The extracted host or server certificate in the form of an *.arm or *.der file.
  • The secure port for your host connection.
  • A CustomizedCAs.p12 with a password of "hod" created using IBM® Certificate Management.
  • The correct settings for the terminal session.

About this task

You must use IBM® Certificate Management to create the *.p12 file. You must have access to IBM® Certificate Management tool. You must either install it or work with an existing installation:

Procedure

  1. Start IBM Key Management.
  2. Click KeyDatabase File > New. You must change the file type to PKCS12 and name it as CustomizedCAs.p12.
  3. Save the file to the folder C:\Program Files\IBM\SDP70Shared\plugins\com.ibm.test.terminal.7.0.2v200906180724. . The terminal.jar and TerminalTester.jar must be present in this folder.
    Note: For Rational® Functional Tester Extension, version 7.01, the location for the CustomizedCAs.p12 file will be C:\Program Files\IBM\SDP70Shared\plugins\com.ibm.test.terminal.7.0.1v200709190143
  4. Type hod as the password.
    Note: This password is hard-coded and must be hod.
  5. To add the extracted *.der or *.arm file from the host's server certificate to the CustomizedCAs.p12, click Add.
  6. In the Token Label field, type a valid token label for this certificate.
  7. To save the file with the certificate you just added, click Key Database File > Save As. Verify the password and close IBM Key Management.
  8. Start IBM Extension for Terminal-based Applications.
  9. Configure the advanced settings in the Advanced Properties page of the IBM® Extension for Terminal-based Applications dialog box , click Advanced as follows:
    1. Set SecurityProtocol to SESSION_PROTOCOL_SSL or SESSION_PROTOCOL_TLS
    2. Set SSL to true
    3. Set SSLCertificateName to CustomizedCAs.p12
    4. Set SSLCertificatePassword to hod
    5. (optional) Set SSLCertificateProvided to true
    6. Set SSLTelnetNegotiated to true.
      Note: You must set SSLTelnetNegotiated to true only when you connect to a Telnet server that supports IETF Internet-Draft TLS-based Telnet Security. The Internet-Draft defines the protocol for performing the SSL Handshake over a Telnet connection.
  10. In the terminal session under Port, type the secure port number to be used by the server connection. Typically, this is 992, but it may vary depending on the telnet configuration of your host. The secure connection must show MA*+ in the Operator Information Area at the bottom of the screen.
  11. Click OK.