Copying the PeSIT remote site template for use with TLS

Field Description

Network Profile

Enter a name for the Network Profile. The Profile name must be unique in the Network Profile database.
Maximum: 31 characters.

Origin address/ Port

Enter the originating address and Port number that this Profile is associated with.

Destination address/ Port

Enter the destination address and Port number that this Profile is associated with.

Network type

Select the Network type:

  • X.25
  • TCP/IP

Network security

Select the type of security required for this Profile:

  • None
  • TLS
  • SSH

Security Profile

Select the Security Profile to associate with this Network Profile.

If Communication is set to X.25:

User Data

Enter user data. Used for X.25 networks.

About this procedure

For outbound PeSIT connections, by default Gateway uses the predefined PeSIT template remote site. For PeSIT secured exchanges, you must define a security profile for the template site. However, since secured PeSIT uses the same default site as standard PeSIT, it is impossible to have both PeSIT and secured PeSIT outbound connections at the same time using the standard Gateway configuration.

To allow the association of any number of security profiles for an outbound protocol, make a copy of the PeSIT remote site in Gateway and configure it to use the TLS security profile. You can then override the default outgoing site with the new one you defined. To implement the override you use the peltrans command with the –da option (-da = destination site alias).

Procedures

Step One: Make a copy of the PeSIT Remote Site Template

  1. Open a Gateway Navigator session.
  2. In the left pane of the GUI main window, expand the nodes: Partner Management > Sites and click the Remote Site folder.
  3. Gateway displays the available Remote Sites.
  4. Right-click the PeSIT Remote Site in the list, and select Copy from the context menu.
  5. Gateway opens the Copying screen.
  6. Enter PeSIT_S in the from HTTP to field and click OK.
  7. Gateway adds the PeSIT_S Remote Site to the end of the list of Remote Sites.

Step Two: Create a new Security Profile

  1. In the left pane of the GUI main window, expand the nodes: Security Management > Transfer Security Management > Security Profile
  2. Right-click the TLS Profile sub-node, and select New... from the context menu.
  3. Gateway displays the New TLS Profile screen.
  4. On the General tab, complete the fields:
  5. Field Description
    Name

    Enter a name for the TLS Profile. The Profile name must be unique in the Network Profile database.
    Maximum: 31 characters.

    For this example enter PeSIT_OUT
    Profile type Select CLIENT  from the drop-down list.
    Client authentication Select TLS_AUT_ANONYMOUS from the drop-down list.
    Accepted SSL versions

    Select both of the options:

    • SSLV3
    • TLSV1
    Accepted cipher suites

    Leave the default Accepted cipher suites for this example.
    Accepted authorities (Disabled for client mode.)

    Certificate templates

    		 There are no certificate templates to provide for this example.
    Trust hosted certificates only Do not select this option for use with PassPort.
    Automatic import of partner certificate chains Do not select this option for use with PassPort.
    Select single certificate Do not select a certificate for use with PassPort.
  6. On the Details tab, accept the defaults.
  7. On the PassPort PS tab, complete the fields:
    8. Field Description
    Local entity section
    Name Enter the local entity name for access to the PassPort PS server.
    Password Enter the entity password.
    Confirmation Confirm the entity password.
    Partner entity section
    Name Do not complete this field.
  8. Click OK to confirm and save.

Step Three: Edit the PeSIT_S Remote Site

  1. In the left pane of the GUI main window, expand the nodes: Partner Management > Sites and click the Remote Site folder.
  2. Gateway displays the available Remote Sites.
  3. Right-click the PeSIT_S Remote Site that you created in the first step of this series of procedures. Select Modify from the context menu.
  4. Gateway opens the Remote Site editing screen.
  5. Select the Net security tab.
  6. From the Network security option drop-down list select TLS.
  7. Gateway generates a set of configuration fields.
  8. In the "Security profile for outgoing connection field", select PeSIT_OUT (this is the security profile you created in the previous task).
  9. Click OK.