Configuring a Client-Side SSL Proxy Server

To run an SSL Client Proxy you need to:

  1. Edit the clientproxy.properties file
  2. Run the SSLClientProxy application that is delivered with the SSL Proxy package.

Step 1: Edit the clientproxy.properties file

remoteSSLhost = hostName
remoteSSLport = portNumber
If you are using a remote SSL Server Proxy, then use these properties to specify the host name (IP address) and port number of that proxy. If your remote server supports SSL and you are not using a remote SSL Server Proxy, then omit these two properties.
trustStore = pathname
Use this property to specify the full pathname of the certificate truststore. This will be required if your remote server is using a self-signed certificate. On Windows systems be sure to double all backslash characters.
trustPassword = password
This property specifies the password protecting the trust store specified in the trustStore property.
lmhost = hostname [,hostname,]...
Use this property to specify a list of the machines on which the I/O Concepts WebSession License Servers are running.
allowClientIPs = ipAddress [,ipAddress]...
Use this property to specify one or more IP addresses from which connections will be accepted and proxied. Connections from clients at other IP addresses will be rejected and immediately closed. If you omit this property then connections will be accepted from any IP address.
proxy = id [, id]...
Use this property to assign symbolic names to all proxy connections to be managed by this SSL Client Proxy. For each ID listed, you must supply three more properties: id.port, id.remoteHost, and id.remotePort.
id.port = portNumber
This is the port number on which the client proxy will accept a connection. It may be any port number not already in use.
id.remoteHost = hostName
id.remotePort = hostPort
These properties specify the destination for all connections received on the port number specified by the corresponding id.port property. Use the hostname and port number of the TN3270 server here.
id.directToHost = true | false
Set this property true if your remote server supports SSL; set it false if you are using a remote SSL Server Proxy.
logfile = fileName
logictrace = true | false
dstrace = true | false
lictrace = true | false
It is recommended that you enable logging to a local file until you are confident that the SSL Client Proxy is set up properly.

Example

remoteSSLhost = localhost
trustStore = /websess/ssl/yourCertificate
trustPassword = changeit
lmhost = localhost
proxy = tn3270_SSL
tn3270_SSL.port = 10002
tn3270_SSL.remoteHost = SSLhost.ioconcepts.com
tn3270_SSL.remotePort = 23
tn3270_SSL.directToHost = true
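
An added example, not part of the I/O Concepts package: a small Python check for clientproxy.properties that flags the conditions described in Step 1 (allowClientIPs omitted, undoubled backslashes in trustStore, a proxy ID missing one of its three required properties, and directToHost = false without remoteSSLhost/remoteSSLport). The function names and the sample file contents are constructed for illustration, and the parser assumes plain key = value lines without line continuations.

```python
REQUIRED = ("port", "remoteHost", "remotePort")  # per-ID properties the page requires

def parse_properties(text):
    """Read key = value lines, keeping values raw so backslashes can be inspected."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings for a clientproxy.properties file."""
    p, findings = parse_properties(text), []
    if not p.get("allowClientIPs"):
        findings.append("allowClientIPs omitted: connections accepted from any IP address")
    # After removing doubled backslashes, any backslash left over was not doubled.
    if "\\" in p.get("trustStore", "").replace("\\\\", ""):
        findings.append("trustStore: backslashes must be doubled")
    ids = [i.strip() for i in p.get("proxy", "").split(",") if i.strip()]
    if not ids:
        findings.append("proxy: no connection IDs listed")
    for pid in ids:
        for suffix in REQUIRED:
            if not p.get(f"{pid}.{suffix}"):
                findings.append(f"{pid}.{suffix} missing")
        via_proxy = p.get(f"{pid}.directToHost", "").lower() == "false"
        if via_proxy and not (p.get("remoteSSLhost") and p.get("remoteSSLport")):
            findings.append(f"{pid}: directToHost is false but remoteSSLhost/remoteSSLport not set")
    return findings

# Constructed sample file contents (hypothetical hosts and paths).
SAMPLE = r"""
trustStore = C:\websess\ssl\truststore
trustPassword = examplePassword
lmhost = localhost
proxy = tn3270_SSL, tn3270_B
tn3270_SSL.port = 10002
tn3270_SSL.remoteHost = host.example.com
tn3270_SSL.remotePort = 23
tn3270_SSL.directToHost = false
tn3270_B.port = 10003
tn3270_B.remoteHost = host.example.com
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN", finding)
```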

Step 2: Run the Client-Side SSL Proxy Application

Be sure that your modified clientproxy.properties file is in the same directory as the SSLClientProxy application, then run the application. If you receive an error message or the SSLClientProxy application exits, you may have to import the server certificate into a truststore in the JDK that the application is running under. If you have specified a log file in the properties file (a good idea the first time you run), check it for details on the status of the proxy. You may find these instructions about how to import a certificate helpful.

 

Copyright © 1989-2007 I/O Concepts, Inc. All rights reserved.