Facebook

Fill out this form to subscribe to news, tips and information about updates.

Read more
Follow us
Facebook    Twitter    LinkedIn

G&R » About G&R » News » Testing Glink's Secure Sockets Layer (SSL) support  

Testing Glink's Secure Sockets Layer (SSL) support

We have set up a 'secured' Ggate DSA server to allow you to test the new Secure Sockets Layer (SSL) support in Glink. The secure Ggate allows you to make a secure connection from Glink to Ggate, and then access our 'G&R Distributors' demo application on GCOS8 in Phoenix.

Server certificate validation and data encryption can be configured between your Glink client and our Ggate server in Oslo before being channelled over a DSA network to the GCOS8 host system.

Our Ggate server is running on a UNIX system using an SSL tunnelling product. The SSL tunnelling currently being tested is called 'stunnel' and is downloadable from www.stunnel.org under a GNU General Public License (GPL).

Before configuring and testing this, it is imperative for you to know your local laws governing cryptography. We're not liable for anything you do that violates your local laws.

All currently supported versions of Microsoft Windows include SSL (SSL v2/v3 and TLS v1) and data encryption as a standard, and require no additional software. For Windows 95 and 98, refer to the Prerequisites section in Glink's on-line help for details of how to upgrade them to support SSL. There is a link in the 'What's new' section of Help.

Here are the instructions for testing:

Settings
-> Communication interface
-> TCP/IP, Window sockets
-> Communication options (Windows sockets)
-> IP address: ggate.gar.no
-> Protocol: G&R DSA gateway
-> Use secure sockets : checked
-> Host >>
-> Description: TP8test in Phoenix
-> Host type: CXI
-> Terminal mode: VIP7804
-> Save as... -> tp8test
-> OK -> OK -> OK

Click the connect button and you should be connected to our TP8 demo.

If you hover the mouse over the 'lock' icon in Glink's status bar, you should see the Ggate server certificate information displayed in X.509 format

In the example above, apart from using encrypted data across the communications link, Glink also verified that the server certificate returned by our Ggate server was issued from a trusted root certificate authority. To add more specific server authentication, you can also validate the CN= server name field so that Glink verifies that you are connecting to the correct Ggate server.

-> Communication options (Windows sockets)
-> Use secure sockets : checked
-> Advanced
-> Validate server certificate : checked
-> Validate server name
-> Specific server name: www.gar.no
-> OK -> OK

For client authentication to be used, you need to acquire a client certificate from the Ggate server administrator who also needs to set-up the SSL tunnel to accept connections from copies of Glink supplying a specific client certificate.

A few notes:

Our secured Ggate server is listening on IP port 30851. Currently, Glink will automatically use the following port numbers if the 'Use secure sockets' option is selected:

Telnet: 992 (telnets)
G&R DSA gateway: 30851
G&R DIWS gateway: 30851

Other ports will be added as RFC suggestions become available. If you need to configure another port number, you can use the following syntax for the IP address:

ggate.mysystem.myroot:30851

The above Ggate SSL tunneling example is also applicable to other TCP protocols, e.g. telnet.

(c) Copyright 1982-2017 Gallagher & Robertson AS. Webmaster: webmaster@gar.no

URL: http://www.gar.no/about/news/2001-08-15
 
PARTNERS