
End-to-end Security Settings

How do I get to this dialog box?

You can access this dialog box from the TCP/UDP Path Options dialog box. To do so, you must launch InfoConnect from the centralized management server, configure the session to use the Security Proxy, and enable End-to-end security as described here:

  1. Launch an InfoConnect Workspace session from the centralized management server.

  2. Use the path wizard to create a path. When asked to select how this path will connect to the Host, select Reflection security proxy.

  3. When you select a proxy, enable End-to-end security, and enter your host address and port.

  4. Configure the remaining Wizard settings, then click OK in the Create Document dialog box.

  5. Open the InfoConnect Workspace Settings dialog box.

    The steps depend on your user interface mode.

    • Ribbon: From the File menu or the InfoConnect button, click InfoConnect Workspace Settings (under the Recent Documents list).

    • InfoConnect Browser: On the InfoConnect menu, choose Settings and then InfoConnect Workspace Settings.

    • TouchUX: Tap the Gear icon and then select InfoConnect Workspace Settings.

    • Classic MDI: From the Options menu, select Global Preferences.

  6. Click Manage Path.

  7. In the Manage Path dialog box, select the path you are configuring, then click Modify the selected path. This opens the Database Editor.

  8. Open the TCP/UDP Path Options dialog box. The steps depend on your connection type. For example:

    • For an INT1 connection, click the Connection tab, then click Advanced.

    • For a TCPA connection, from the Path tab, under Host, click Advanced.

  9. Confirm that End-to-end security is enabled, then click End-to-end settings.

When you configure connections using the centralized management server Security Proxy, the connection between the client and the Security Proxy server is secured and encrypted using the SSL/TLS protocol. By default, the information sent between the proxy server and the destination host is in the clear. When you enable End-to-end security, information sent between the Security Proxy and the destination host is also encrypted. This is done by tunneling a direct TLS/SSL connection to the host through the centralized management server Security Proxy.

Use the End-to-end Settings dialog box to configure the SSL/TLS settings for the direct connection to the host. The options are:

Security type: Specify which version of TLS to use.

Encryption strength: Specify the desired level of encryption for the TLS connection. The connection will fail if this level cannot be provided. If you select auto, any encryption level is permitted, and InfoConnect will negotiate with the host system to choose the strongest encryption level supported by both the host and the client.

Verify host name against host certificate name: Specifies whether host name matching is required when validating host certificates. When this setting is enabled (the default), the host name you configure for the path in the TCP/UDP Path Options dialog box must exactly match a host name or IP address entered in either the CommonName or the SubjectAltName field of the certificate. This setting is required for DOD PKI users.
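
The exact-match rule for Verify host name against host certificate name can be checked against a host certificate's names before the path is deployed. The following is an added illustration in Python, not InfoConnect code; it assumes the certificate has already been parsed into the dictionary layout of Python's ssl.SSLSocket.getpeercert(), and the function names, the sample certificate and the case-insensitive comparison of host names are assumptions.

```python
import ipaddress

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert();
# the names and the address are placeholders, not values from a real host.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "mainframe.example.com"),)),
    "subjectAltName": (("DNS", "mainframe.example.com"),
                       ("DNS", "mf01.example.com"),
                       ("IP Address", "192.0.2.10")),
}


def certificate_names(cert):
    """Collect (field, value) pairs from CommonName and SubjectAltName."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(("CommonName", value))
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.append(("SubjectAltName " + kind, value))
    return names


def _normalize(name):
    """IP literals compare by value; host names compare case-insensitively
    (assumption: the page only says the match must be exact)."""
    text = name.strip()
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return text.lower()


def host_matches_certificate(configured_host, cert):
    """Return the certificate fields that match the configured host name.
    An empty list means host name verification would reject the certificate."""
    wanted = _normalize(configured_host)
    return [field for field, value in certificate_names(cert)
            if _normalize(value) == wanted]


if __name__ == "__main__":
    for host in ("mainframe.example.com", "192.0.2.10", "mainframe"):
        print(host, "->", host_matches_certificate(host, SAMPLE_CERT) or "NO MATCH")
```

A short name or DNS alias that is absent from the certificate returns an empty list even when it resolves to the same host, so the path must be configured with a name the certificate actually carries.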

Certificate revocation

Use CRL: Select this option to validate the authenticating certificate by checking it against a digitally signed list of certificates that have been revoked by the Certification Authority. Certificates identified in a CRL are no longer valid.

OCSP: Select this option as an alternative to CRL checking to confirm whether a certificate is valid. OCSP uses the HTTP transport and responds to certificate status requests with one of three digitally signed responses: "good", "revoked", and "unknown". OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs.

User authentication certificate

Pick identity certificate automatically: When you select this option, InfoConnect presents all available personal certificates to the server for client authentication.

Use the selected identity certificate: Select this option to specify a particular certificate. Type the name of a user certificate to use for client authentication, or click Browse to select it from a list of personal certificates available in the Reflection Certificate Manager store and the Windows system store.

Reflection Certificate Manager

Click to import and manage user certificates in the Certificate Manager.