Client Configuration

BlueZone Emulator Client Configuration

All BlueZone client emulators, support the SSL protocol through the BlueZone Security Server.  BlueZone clients may be pre-configured for distribution with SSL enabled, eliminating the need for any End-User intervention during the installation and configuration of the BlueZone clients.

SEE  BlueZone Display & Printer Help for additional details about configuring and distributing BlueZone emulation clients.

NOTE  A Connection should already be configured and started in the Security Server before setting up any of the BlueZone emulation clients to connect via SSL.

BlueZone Emulation Client Configuration for SSL Security

Configure the telnet parameters:

  1. Launch a BlueZone client session and from the MenuBar go to Session:Configure.

  2. Select TN3270 or TN5250 from the Connection Type list box and click the Configure button.

  3. Select the New button.

  4. Enter a Connection Name to identify this connection.  This name can be an name you wish.

  5. Enter the Host Address of the Security Server.  This can be either an IP address or a DNS name.

  6. Enter the TCP Port on which the Security Server is listening for this connection.  This must match the port number that has been configured in the Security Server Connection.

  7. Select a Backup Host if one is desired.

  8. Select any other options as appropriate.

  9. Click the OK button to apply the settings and return to the Session Configuration property sheet.

Configure the security parameters:

  1. Select the Security tab and check the Enable Secure Sockets Layer checkbox.

  2. Select the desired method for handling Invalid Certificates.

  1. Select the desired SSL Version.  SSL v3 and TLS v1 are nearly identical.  TLS v1 is the most secure setting.  SSL v2 is provided for backward compatibility with older systems and is less secure.  This setting must match the SSL version that has been configured in the Security Server Connection.

  2. If you have a preference, choose a Preferred Cipher Suite from the list box.  Otherwise, leave it set to None.  By leaving it set to None, BlueZone will automatically negotiate the highest Cipher Suite possible.

NOTE  PKCS12 certificates contain both the certificate and private key in a single file, therefore, only the Certificate File name needs to be specified.

  1. Click the OK button to apply the changes and exit to the Session Configuration dialog.

  2. Click the OK button to return to the BlueZone Display or Printer client window.

Save the SSL and all other configuration parameters to a file for distribution:

  1. From the BlueZone MenuBar, select File:Save As.

  2. Assign a name for the file in the File Name edit box and click the Save button.

  3. Copy the configuration file to the BlueZone distribution image disk or directory.  When used with Quiet Mode Installation, no end user intervention is required to install or configure BlueZone.

SEE  the BlueZone Desktop Administrator's Guide for more information on the use of configuration files.

Testing the Connection

If you chose "Always Accept" to the "Select the desired method for handling Invalid Certificates" question above, you should now be able to establish an encrypted connection to your host.

If you chose "Ask Before Accepting" to the "Select the desired method for handling Invalid Certificates" question above, when making a connection to your host, you will receive a Certificate Error message stating that the Server Certificate is invalid.  This is normal because the Server Certificate that we provide with the Security Server is a self signed certificate.  This is not necessarily a problem if you are using a BlueZone emulation client and the BlueZone Security Server to encrypt host sessions for your own employees.

Having a valid Server Certificate becomes critical, is when you are presenting the certificate to an outside Customer.  In this case you will probably want to obtain a certificate from a third party Certification Authority.

If you are using a BlueZone emulation client and the BlueZone Security Server to encrypt host sessions for your own employees, then the Certificate Error message is not relevant since your sessions will indeed be encrypted.

To avoid this message, instruct your End Users to do the following:

  1. Launch a BlueZone session and attempt to connect to your host via the Security Server.

  2. When the Certificate Error message is displayed, click the View button.

  3. The Self Signed Certificate will be displayed.

  4. Check the Add This Certificate to Trusted List checkbox and click the OK button.

  5. The secure connection will now be completed.

The next time the End User makes the connection, the Certificate Error will not be displayed.

Related Topics:

BlueZone FTP Configuration

Windows Domain Authentication