Session properties
Security tab
SSL
AFJ enables you to use Secure Sockets Layer (SSL version 3) security to protect your online communication. SSL is a protocol designed by Netscape Communications to enable encrypted, authenticated communications across the Internet. SSL provides three important things: privacy, authentication, and message integrity. In an SSL connection, at least one side of the connection must have a security certificate. The server sends a security certificate to the client, and if requested by the server, the client sends a security certificate to the server. Each side then encrypts any data it sends using information from both its own and the other side's certificate. This ensures that only the intended recipient can decrypt the data and that the message has not been tampered with, and allows the recipient to authenticate the source of transmitted data.
Proxy
AFJ enables you to use SOCKS Version 4 to connect via a proxy server. The SOCKS protocol provides a framework for client-server applications
to transparently and securely traverse a network firewall.
Configuration options
Enable SSL
Enables Secure Sockets Layer security.
Display certificate once connected
If you want AFJ to display security certificates automatically upon connection, select this option. By always displaying the security certificate, you are given the opportunity to reject certificates that would ordinarily be accepted, and to accept certificates that would ordinarily be rejected.
Currently selected ciphersuite
Click the Change button to choose the ciphersuite which AFJ will use to transmit your data. The Ciphersuite Selection dialog box opens.
Choose the ciphersuite you want to use, then click OK.
Send client certificate
Select this option if you want a client certificate to be sent to the server or redirector, if it is requested. Enter the URL where the certificate is located as follows. This can be a HTTP URL or a file URL.
HTTP URL
This enables you to locate a certificate over the Internet. Enter the URL as follows:
http://Computer/Path/FilenameOfCertificate
Where:
Computer: is the domain name or IP address of the computer where the certificate is located.
Path: is the complete path to the file certificate on Computer.
FilenameOfCertificate: is the file name of the certificate.
For example: http://mymachine/AFJ/private/Client_cert
FIle URL
This enables you to locate a certificate on a local computer. Enter the URL as follows:
file://Computer/Path/FilenameOfCertificate
or
file:\Path\FilenameOfCertificate
Where:
Computer: is the domain name or IP address of the computer where the certificate is located.
Path: is the complete path to the file certificate.
FilenameOfCertificate: is the file name of the certificate.
For example:
file://mymachine/certificates/client_cert
file:c:\certificates\client_cert
Enable proxy server
Enables communications via a proxy server.
Name or IP address
Identifies the proxy server through which you want to connect. You can specify the proxy as either a DNS name or an IP address.
IP addresses identify computers on a TCP/IP network. An IP address comprises a twelve-digit number written in dotted decimal notation. The numbers that make up the address are split into four groups of three digits separated by periods. For example, 123.123.123.123
DNS (domain name system) allows names to be used in place of IP addresses to identify computers on the Internet. For example, proxyserver.avivasolutions.com.
TCP port
Specifies the port number that AFJ uses to connect to the proxy server. By default, the port number is 1080.
If your proxy server uses a different port, specify the appropriate value.
About certificates
Certificates are digital documents that allow verification of the claim that a public security key does in fact belong to a given individual or organization. They help prevent the use of fraudulent keys. Certificates provide the following levels of security:
 |
Verification of the identity of the sender
|
|
Encryption of the transmitted data
|
|
Protection against unauthorized modification of the transmitted data
|
When AFJ is first installed, no certificates are available. At least one certificate must be created to allow for a secure connection between your users' workstations and the Aviva Security Redirector.
Note: If you are connecting to a TN server that supports SSL security, it is not necessary
for you to create your custom certificate, since the TN server itself will provide security.
See the documentation for your TN server for more information.
To open the Security tab
In a session
| 1. |
Start the User Workspace. |
| 2. |
Select an existing session and click Properties, or click New. |
| 3. |
Click the Configuration tab. |
| 4. |
Click New to define a new session, or
Select an existing session and click Properties. |
| 5. |
Click the Security tab. |
In a workspace
| 1. |
Start a session. |
| 2. |
On the Session menu, click Properties. |
| 3. |
Click the Security tab. |