InfoCenter

Configuring clients to use client authentication

Client authentication can be configured in the session configuration properties on the server or on the client workstation.

On the server:

  1. Open the Administrator window.
  2. Click the Users tab to open the list of defined groups and users.
  3. Select a user or group and click Sessions to open the Configured Sessions window.
  4. If you are creating a new session, click the appropriate button. If you are changing a session, right-click the session icon, then click Properties.
  5. Click TLS/SSL in the tree view.
  6. To enable server authentication, click Server authentication. Read about known security limitations when using the Internet.
  7. To use client authentication, click Yes for Send a Certificate.
  8. Specify the Certificate Source and Certificate Location or Certificate Name.

    To specify a default location of the client certificate, enter a URL or path and file name. The URL protocols that can be used depend on the capabilities of your browser. Most browsers support HTTP, HTTPS, FTP, and FTPS.

    To specify a default name, choose one of the following. Choosing "Any certificate trusted by the server" causes Host On-Demand to search through the Microsoft Internet Explorer Personal Certificate store for the first certificate that is signed by a Certificate Authority trusted by the server requesting the certificate. Choosing a specific name causes Host On-Demand to send only that certificate. You can also add the name of a certificate that is not in the administrator's Certificate Store by clicking the "Add Certificate Name" button and specifying certificate components, such as the common name and organization.

    Note: If you do not want the location or name changed, click Lock. Otherwise, users can choose the certificate location or name.

    To be prompted each time the server requests a client certificate, click "Prompt on each connection" for How Often to Prompt. To be prompted once each time you start Host On-Demand, click "Prompt the first time after HOD is started". 

    Specify whether or not to Retrieve Certificate before Connecting.

  9. Click OK.
  10. If clients will use secure sessions to the Host On-Demand server, click the Redirector service.

On the client:
 

Note: Some of the following fields may have been disabled by the administrator.

  1. If you want to create a new session, click Add Sessions and double-click the type of session you want to create.  If you want to change an existing session, right-click the session icon, then click Properties.
  2. Click TLS/SSL in the tree view.
  3. To enable server authentication, click Server authentication. Read about known security limitations when using the Internet.
  4. To use client authentication, click Yes for Send a Certificate.

  5. Then specify the Certificate Source and Certificate Location or Certificate Name.

    To specify a default location of the client certificate, enter a URL or path and file name. The URL protocols that can be used depend on the capabilities of your browser. Most browsers support HTTP, HTTPS, FTP, and FTPS.

    To specify a default name, make a selection from the Certificate Name drop-down box. Choosing "Any certificate trusted by the server" causes Host On-Demand to search through the Microsoft Internet Explorer Personal Certificate store for the first certificate that is signed by a Certificate Authority trusted by the server requesting the certificate. Choosing a specific name causes Host On-Demand to send only that certificate.

    To be prompted each time the server requests a client certificate, click "Prompt on each connection" for How Often to Prompt. To be prompted once each time you start Host On-Demand, click "Prompt the first time after Host On-Demand is started." If your client supports storing preferences locally, choosing "Prompt only once, storing preferences on the client" causes Host On-Demand to prompt the next time the connection is made, but never after that, unless the connection attempt fails.

    Specify whether or not to Retrieve Certificate before Connecting.

  6. Click OK.

Not all servers request certificates. When you try to connect to a telnet server that does, a window appears prompting you for the location and password of your certificate.
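The two Certificate Name choices described in step 8 (server) and step 5 (client) behave differently when the personal store holds several certificates from the same Certificate Authority. The following Python model is an added example, not Host On-Demand code; the store layout, the function names, the sample certificates, and the simplification of matching on the direct issuer only are assumptions.

```python
# Added illustration, not Host On-Demand code. The store layout, function
# names and all certificates below are constructed assumptions.
ANY_TRUSTED = "Any certificate trusted by the server"

# Constructed personal certificate store, in store order.
STORE = [
    {"CN": "jdoe-test", "O": "Example Lab", "issuer": "CN=Lab Test CA"},
    {"CN": "jdoe-admin", "O": "Example Corp", "issuer": "CN=Example Corp CA"},
    {"CN": "jdoe", "O": "Example Corp", "issuer": "CN=Example Corp CA"},
]


def select_certificate(store, server_trusted_cas, name=ANY_TRUSTED):
    """Return the certificate that would be sent, or None if there is none.

    server_trusted_cas: CA names the server says it trusts.
    name: ANY_TRUSTED, or a dict of certificate components such as
          {"CN": "jdoe", "O": "Example Corp"} naming one certificate.
    """
    if name == ANY_TRUSTED:
        # The first certificate in store order signed by a trusted CA wins,
        # even when several certificates qualify.
        return next((c for c in store if c["issuer"] in server_trusted_cas), None)
    # Specific name: only the certificate matching every component is sent.
    return next(
        (c for c in store if all(c.get(k) == v for k, v in name.items())), None
    )


def qualifying(store, server_trusted_cas):
    """Every certificate the 'any' choice could pick. More than one entry
    means the identity presented depends on store order."""
    return [c["CN"] for c in store if c["issuer"] in server_trusted_cas]


if __name__ == "__main__":
    trusted = {"CN=Example Corp CA"}
    print(qualifying(STORE, trusted))                 # two candidates
    print(select_certificate(STORE, trusted)["CN"])   # first candidate is sent
    pinned = {"CN": "jdoe", "O": "Example Corp"}
    print(select_certificate(STORE, trusted, pinned)["CN"])
```

When `qualifying()` returns more than one name, selecting a specific Certificate Name and clicking Lock keeps the identity that is sent independent of store order.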

Setting security on the Redirector

To use secure sessions on a Host On-Demand Redirector, you must set a security level on the port used by the Redirector. On the server:

  1. Log on as the administrator.
  2. Click the Redirector tab.
  3. If you are creating a new connection, click Add. If you are changing a connection, highlight the entry and click Change.
  4. In the Add (or Change) Configuration window, choose the appropriate value for Security. The most likely choice is Client-side because this provides secure sessions between the client and the server. Refer to the online help for more information.
