By default, BlueZone is not configured for secure SSL or TLS encrypted sessions. To establish a secure host connection,
you must configure the security settings in BlueZone.
Note
Keep in mind that your Telnet host must be capable of negotiating a secure Telnet session, using either TLS v1 or SSL v3.
If your host is not secure Telnet-capable, one option is to use a product like BlueZone Security Server in front of your host
to perform the Telnet encryption and decryption functions.
To enable SSL encryption in BlueZone, follow this procedure.
1. From the BlueZone menu bar, click . The Connection dialog displays.
2. Click Configure. The Connections dialog displays.
3. In the Connection List, highlight the session that you want to secure and click Edit. If you don't have any existing sessions, or you want to create a new one, click New.
4. Edit the Host Address and the TCP Port if necessary. Your Telnet host administrator gives you the correct values to use.
5. Click OK to close the dialog.
6. Click the Security tab. The Security dialog displays.
7. From the drop-down list box, select either Implicit SSL/TLS or Explicit SSL/TLS.
8. Select the SSL Provider:
9. Select the SSL version:
10. Determine how you want to handle Invalid certificates. It is recommended to select Ask before Accepting until you are sure you can use one of the other settings.
11. Select a preferred CypherSuite only if directed by your host administrator. By leaving it set to None, BlueZone automatically negotiates the highest encryption that both BlueZone and the host can support.
12. Click OK twice to close out all dialogs.
Now that you have BlueZone configured, you are ready to make a secure SSL connection with your host.
From the BlueZone menu bar, click or click the Connect icon located on the BlueZone toolbar.
At the start of a secure Telnet connection, a negotiation takes place. Part of the negotiation is to examine the SSL certificate
that is being presented by the host. You may get a warning message like this:
This message is normal if you are using a self-signed SSL certificate like the one that comes with BlueZone Security Server.
In some situations this can be perfectly acceptable.
Tip
If you are using encryption to allow secure remote Telnet connections from users that are not employees of your organization,
like your customers, you may want to consider purchasing a verified SSL certificate from a Certification Authority (CA).
Using a verified, rather than a self-signed SSL certificate, gives confidence to your remote users that they are indeed connecting
to the correct Telnet host and that their information is encrypted and secure. It also prevents an invalid certificate error.
To make these messages go away, follow these steps:
When the Certificate Error message appears and you are sure that you trust the issuer of the SSL certificate, enable the Add this Certificate to Trusted List check box. Once the certificate is in your trusted list, this error message no longer appears.
Once you are connected, the SSL Connection Status icon appears in the BlueZone status bar, as shown here:
You can click the SSL Connection Status icon to open the SSL Connection Status dialog, as shown here:
This is an easy way to verify the type and strength of your encryption. It also allows you to view the certificate that was
presented by the host Telnet server. In addition, if you are using client certificates, you can view that as well.
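
Before enabling Add this Certificate to Trusted List for a self-signed certificate, you can confirm that the certificate the host presents is the one your host administrator issued. The following Python script is an added example, not part of BlueZone or its documentation. It assumes the session uses Implicit SSL/TLS (the TLS handshake starts as soon as the TCP connection opens) and that the administrator has given you the certificate's SHA-256 fingerprint through a separate channel; the host, port and fingerprint arguments are placeholders you supply.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of a DER certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp: str) -> str:
    """Strip separators and case so differently formatted fingerprints compare."""
    return fp.replace(":", "").replace(" ", "").strip().upper()


def matches(der_cert: bytes, expected_fp: str) -> bool:
    """True only if the presented certificate has the fingerprint the admin gave."""
    return normalise(fingerprint(der_cert)) == normalise(expected_fp)


def probe(host: str, port: int, timeout: float = 10.0):
    """Implicit-TLS handshake; returns (der_cert, protocol, cipher, key_bits)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Validation is off on purpose: a self-signed certificate must still be
    # retrievable so it can be inspected. No application data is sent.
    # A host limited to SSL v3 / TLS 1.0 may fail the handshake here, because
    # current Python/OpenSSL builds usually refuse those versions.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            cipher, _, bits = tls.cipher()
            return der, tls.version(), cipher, bits


if __name__ == "__main__":
    # Usage: python check_cert.py HOST PORT EXPECTED_SHA256_FINGERPRINT
    host, port, expected = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    der, proto, cipher, bits = probe(host, port)
    print(f"{proto} {cipher} ({bits} bits)")
    print("presented:", fingerprint(der))
    ok = matches(der, expected)
    print("MATCH: safe to trust" if ok else "MISMATCH: do not add to trusted list")
    sys.exit(0 if ok else 1)
```

The protocol and cipher line it prints can be compared with what the SSL Connection Status dialog reports for the same host.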