Deploying PKI Settings for Reflection Telnet Connections that Use SSL/TLS

  • 7021701
  • 25-Apr-2008
  • 31-Mar-2018

Environment

Reflection for UNIX and OpenVMS version 14.x
Reflection for ReGIS Graphics version 14.x

Situation

Administrators can use the Reflection Customization Manager to create custom Reflection installations that include PKI settings. Follow the steps in this technical note to deploy Reflection PKI settings for Telnet connections that use SSL/TLS.

Resolution

The steps are organized as follows:

Verify that Reflection Versions are Compatible

To deploy Reflection PKI settings that use SSL/TLS, you need both a workstation and an administrative installation of Reflection and the Reflection Customization Manager, which is part of the Reflection Administrative Toolkit.

The versions of the Reflection workstation and administrative installation must be exactly the same. To verify the version numbers:

  1. Open the workstation installation of Reflection and click Help > About Reflection. Note the version number (for example, 14.0.4).
  2. Open the administrative installation of Reflection and click Help > About Reflection. Note the version number (for example, 14.0).
  3. If the version numbers match exactly, continue with the next section. If not, then upgrade the workstation and/or the administrative installation to the latest version, for example, 14.0.4 (version 14.0 with Service Pack 4).

Note: Some customization settings may be available only with the latest service pack.

To find the current release and latest service pack, log in to the Attachmate Download Library, https://support.microfocus.com/downloads/. For information about logins and accessing the Download Library, see KB 7021965.

Create a Settings File

Using the workstation installation, create a settings file that contains all the required SSL settings within it.

  1. Open Reflection (Start > Programs > Attachmate Reflection > Host - UNIX and OpenVMS). Click Connection > Connection Setup.
  2. Verify or change to Connect using Network, with Telnet selected. Enter the host name or IP address, and click the Security button.
  3. On the SSL/TLS tab, check Use SSL/TLS security, and set up SSL according to your requirements. Click OK. Then click OK again to exit Connection Setup.
  4. Save the settings file: Click File > Save As, enter <filename>.r2w, and click Save. Note the location.
  5. Using this settings file, make a connection to verify that it works. If prompted, choose the "Always" option for the cert acceptance.

Note: The certificate for the server is saved in the Reflection Cert store when that connection is made.

    1. To verify the certificate store, open …\My Documents\Attachmate\Reflection\.pki.
    2. Verify that the .pki folder contains these four files:
cert_cache
crl_cache
pki_config
trust_store.p12

Create Two Customized Packages

To deploy PKI settings for Reflection Telnet Connections that Use SSL/TLS, two packages are required: a customized Reflection installation package and a companion package that contains additional customization settings.

Customize the Reflection Installation Package

Use the Reflection Customization Manager to create a customized MSI package for the Reflection product you want to install.

  1. Open the Reflection Customization Manager. (Start > Programs > Attachmate Reflection\ Administrative Tools\ Customization Manager.)
  2. Click Customize in the left pane, and then click Open Installation in the right pane.
  3. With the "Customize a Reflection installation" radio button selected, browse to the location for the Reflection Administrative installation (<file name>.msi). Click OK.
  4. In the Installer Transform File dialog box, enter a name for the Windows Installer transform. Click OK. (Click OK again to create a new transform file.)

Note: In the Reflection Customization Manager, on the right side of the panel, you'll see an up-to-date summary of the Installations and the Customizations. This display refreshes when you make changes.

  1. Close Reflection Customization Manager.

Create a Companion Package

The companion package enables you to make additional files available to your end user in a separate standalone installation package file (*.mst). By putting the files in a separate package, you are assured that the customizations are preserved.

  1. Open Reflection Customization Manager > Open Installation (as in the previous section) . Click the radio button to "Create a companion package." Enter a filename and location.

Note: Each file contained in the companion package must be saved to a location where the end user can access it.

Click OK.

  1. In the Companion Installation dialog box, you may edit the title of the companion package. Select the installation type. Click OK.
  2. On the Customize Reflection Installation panel, click Add Files; then click the Add button.
  3. In the Add File to Installation dialog box, browse to the settings file you created earlier, and click Open.

Further customize the installation package for this SSL settings file by selecting the following settings:

    1. Installation Properties: Install file and shortcut to end user machine.
    2. Install file to: Shared Application Data.
    3. Install shortcut to: Desktop Folder.

Click OK.

  1. Add the four files into the companion package from the .pki folder that was created when you tested the settings file:
    1. In the Add File to Installation dialog box, browse to a file the .pki folder (My Documents > Attachmate > Reflection > .pki).
    2. Select one of the files (cert_cache, crl_cache, pki_config, or trust_store.p12), and click Open.
    3. Set the Installation Properties to Install file to end user machine without shortcut.
    4. Set Install file to: Shared Application Data, and enter Attachmate\Reflection\ in the second field.
    5. Repeat steps a – d until all four files have been added. (The files must be added individually; there is no batch process available.)
    6. After the last file has been added (five files, including the settings file), click OK. Close the Reflection Customization Manager.

Install the Packages

  1. Once the companion package is ready, first install the Reflection installation package, and then install the companion package.
  2. After the installation, navigate (using Windows Explorer) to All users\Application Data\ Attachmate\ Reflection to verify that the .pki folder was created there with all the contents.
  3. To connect, double-click the settings file on the desktop (as specified in the companion package).

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 2326.