Importing certificates from the server for secured connections

Starting from Rational® Functional Tester 9.1.1, you can import certificates from the server to connect to the host machines securely. You can create a CustomizedCAs.p12 / CustomizedCAs.jks keystore through the Extension for Terminal-based Applications that produces the *.p12/JKS file. This file passes the host server's self-signed certificate credentials to the terminal to allow a secure connection.

About this task

Prior to version 9.1.1, you could use SSL to connect to the host machine securely. See Using SSL to connect to host machines.

Procedure

  1. Start the Extension for Terminal based Applications by clicking the Launch button in Rational® Functional Tester.

  2. Click Session > Security to open the Security Information window.

    Security Information window

  3. Select or type the Host address and Port number.
  4. Select the type of keystore where the certificate can be saved. Depending on the connection protocol supported by the host, you can choose PKCS12 or JKS.
  5. Click the Get Certificate(s) button to retrieve the certificates from the host.
  6. After the certificates are retrieved, click the Save button to save the extracted certificate to the appropriate keystore (CustomizedCAs.p12 or CustomizedCAs.jks).
  7. Click the Status bar to open the location where the keystore is created with the certificate. This location would be C:\Users\<current user>\Application Data\ibm\RFT\Extension for Terminal-based Applications on a Windows machine.
  8. Copy the .p12 or .jks file to the <IBMIMShared\plugins>\com.ibm.test.terminal_8.5.0.vXXXX folder. This plugin folder also includes the terminal.jar and TerminalTester.jar files.
  9. Close the Security Information window and restart the Extension for Terminal-based Applications.
  10. Type the Host address, Port number, and terminal type information and click the Advanced Settings button.
  11. Set the properties depending on the type of certificate.
    • For CustomizedCAs.p12, you must set the following properties:.
      Property Name Set the value...
      SSL true
      SSLTelnetNegotiated true
    • For CustomizedCAs.jks, you must set the following properties:
      Property Name Set the value...
      sslUseJSSE true
      sslJSSETrustStore Provide the full path of CustomizedCAs.jsk.

      For example,

      C:\Program Files\IBM\IBMIMShared\plugins\com.ibm.test.terminal_8.5.0.v20170703_0428\CustomizedCAs.jks
      sslJSSETrustStorePassword hodpwd
      tlsProtocolVersion TLSv1.2
      Note: If the host supports an older version of the protocol, the application will fall back to the older version.
      sslJSSETrustStoreType jks
      SSL true
      SSLTelnetNegotiated true
    Note: You must set SSLTelnetNegotiated to true only when you connect to a Telnet server that supports IETF Internet-Draft TLS-based Telnet Security. The Internet-Draft defines the protocol for performing the SSL Handshake over a Telnet connection.