*HelpHelp for SSL



Secure Socket Layer (SSL) provides encryption and authentication to most popular web browsers.  Netfinity 5.2 includes export grade (40-bit) encryption and (512-bit) authentication when using the Netfinity manager web extension.  SSL is used by a web browser when a URL begins with https: instead of http:.  For example https://netfinity.ibm.com:411/ will request the Netfinity welcome page using SSL. (Note: When using SSL it is important to use fully qualified hostnames (netfinity.ibm.com) as opposed to just the hostname (netfinity).) The type of encryption used to retrieve a web page can be seen by looking at the document information or properties.

SSL is automatically enabled when Netfinity 5.2 is installed with the web extension enabled.  Before connecting to a web-enabled Netfinity manager using SSL, the web browser must be configured to connect securely to the manager.  The browser configures itself by retrieving a certificate from the Netfinity manager.  When the certificate is installed into the browser, the browser prompts the user to accept the certificate.  If the user chooses to accept the certificate, the browser will install the certificate and not prompt the user again in the future.

Certificate installation happens automatically when Netscape Navigator attempts to make an SSL connection to the manager for the first time.  When the first SSL connection is made to the manager, Navigator will prompt the user with a series of windows to ensure that the certificate should be installed into the browser.

Microsoft Internet Explorer must have the certificate manually installed and then be restarted before it can make an SSL connection to the manager.  To install a certificate from this manager into Internet Explorer perform the following steps:
 

  1. Click here to download the certificate.
  2. Choose to accept and enable the certificate and press OK. (If using Internet Explorer 4.0, choose to open the certificate.)
  3. Shutdown and restart Internet Explorer.


SSLeay logoThe SSL implementation used here was written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscape's SSL.