To view server certificate information, click Communication > Security. When a secure connection has been attempted, the certificate is sent from the server. Even if the connection is not successful, the certificate might still be available to view. Select a field from the Field list. The value for the selected field is displayed in the Value field. The server's certificate might not contain values for all the fields.
If you cannot complete a secure connection to the server, your client might not trust the server's certificate. If this happens in a telnet session, COMM662 appears in the OIA of the emulator and error message ECL0009 is logged. For FTP sessions, a window appears displaying error message ECL0009. The message also appears in the status bar. To complete the connection, you can extract the appropriate server certificate and add it to the list of trusted CAs. If Show Issuer Certificate is not grayed out, click that button to display the issuer of the server's certificate and extract the issuer's certificate to a file. If Show Issuer Certificate is grayed out, click Extract to save the server's certificate to a file. You can then add it to the list of trusted CAs (for locally-installed clients) or send it to your Host On-Demand administrator to add to the CustomizedCAs.p12 file (if it exists) and CustomizedCAs.class on the server (for all other clients).
Starting with Host On-Demand Version 8, administrators can no longer create or update CustomizedCAs.class using the Certificate Management utility (IKEYMAN) on Windows and AIX platforms. The utility only allows them to create or update a newer version of this file called CustomizedCAs.p12. To update CustomizedCAs.class, they need to run a reverse-migration tool. For more information, refer to Migrating from CustomizedCAs.class to CustomizedCAs.p12.
Certificates received over the Internet can be forged. The safest way to verify the authenticity of a certificate is to display the fingerprint of the certificate you have received, and then contact the administrator of the server you are connecting to and ask for the fingerprint of the certificate on the server. If the fingerprints match, you have an authentic certificate and may safely add it to the list of trusted CAs.
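The fingerprint comparison described above can also be done on the extracted file itself. The following is an added example, not part of Host On-Demand or its documentation. It assumes the extracted file is PEM or DER encoded and that the administrator's fingerprint is a SHA-1 or SHA-256 digest of the DER-encoded certificate; the function names and sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Digest is inferred from the length of the fingerprint the administrator gives.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_der(data: bytes) -> bytes:
    """Return DER bytes from an extracted file that is either PEM or raw DER."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # DER certificates start with an ASN.1 SEQUENCE tag
        raise ValueError("file is neither PEM nor DER")
    return data


def normalize(fp: str) -> str:
    """Drop colons and whitespace and lowercase, so 'AB:CD' equals 'abcd'."""
    digits = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", digits) or len(digits) not in ALGO_BY_HEX_LEN:
        raise ValueError("not a SHA-1 or SHA-256 fingerprint")
    return digits


def fingerprint_matches(cert_file_bytes: bytes, admin_fp: str) -> bool:
    """True only if the file's digest equals the fingerprint given out of band."""
    expected = normalize(admin_fp)
    algo = ALGO_BY_HEX_LEN[len(expected)]
    actual = hashlib.new(algo, cert_der(cert_file_bytes)).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed stand-in bytes, not a real certificate: the fingerprint is a
# digest over the whole encoded file, so any byte string shows the comparison.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"constructed-sample"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

A malformed or truncated fingerprint raises `ValueError` instead of returning `False`, so a transcription error is not mistaken for a forged certificate.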
Click Show Client Certificate to select and view a client certificate. This is a certificate file that was given to you by the person who requested and received your certificate.
Click Show CAs Trusted by the Client to see a list of CAs that the client can trust. These are the well-known CAs and the CAs listed in the CustomizedCAs.p12 file (if it exists) and CustomizedCAs.class located on the Host On-Demand server for download clients or the Host On-Demand locally-installed client. If the session is configured with Add MSIE browser's keyring set to Yes, then those trusted certificates are also displayed.
Click Show Issuer Certificate to view information about the issuer of the requesting server's certificate, if it is available. This provides an additional security check because you can check that the certificate is signed by its expected CA.
You cannot view the server's certificate without attempting to connect to the server first. However, you can view your client certificates and see a list of CAs trusted by the client.