Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
VII. Corente Services SSL Client Corente Release 9.1
Manual 9.1.1
Table of Contents
Preface
I. Introduction
  Chapter 1. Requirements
    On the LAN of the Corente Virtual Services Gateway
    On Each User’s Computer
  Chapter 2. Pre-Configured SSL Services
    Desktop Access (VNC Applet)
    File Browsing
    Local Web Browsing (HTTP)
    Email Protocols (IMAP, POP3, and SMTP)
    Telnet
    Secure Shell (SSH)
    Partner Access
    Additional Services
II. Configuring the SSL Client
  Chapter 1. SSL Client Settings in App Net Manager
  Chapter 2. SSL Services
    Configuring Custom SSL Services
    Adding a New Custom Service
    Modifying an SSL Service
    Deleting an SSL Service
  Chapter 3. Creating SSL Client Accounts for Users
    External Server Authentication (RADIUS and LDAP)
    Local Authentication
    Adding a New SSL Client Account in App Net Manager
    Viewing or Modifying an SSL Client Account Configuration
    Deleting an SSL Client Account
  Chapter 4. SSL Client Groups
    Adding a New SSL Client Group
    Modifying an SSL Client Group
    Deleting an SSL Client Group
  Chapter 5. Configuring SSL Client Access to a LAN
  Chapter 6. SSL Services
  Chapter 7. System Homepage and Bookmarks
    Specify an SSL Client Homepage
    Create Bookmarks for Intranet Browsing
  Chapter 8. SSL Authorized Groups
  Chapter 9. External Authentication (RADIUS or LDAP)
    RADIUS Authentication
    LDAP Authentication
  Chapter 10. Configuring SSL Client Access to Partners
    Allow SSL Client Access
III. Configuring Corente Virtual Services Gateways for Use with the SSL Client
  SSL Admin
  Chapter 1. SSL Certificate
    SSL Certificate
    Obtaining an SSL Certificate Signed by a CA
    Install an SSL Certificate on Your Location Gateway
    Create a Self-Signed Certificate
    SSL Chain Certificate
    CA Client Certificate
  Chapter 2. SSL Log
  Chapter 3. SSL User Report
IV. Using the SSL Client
  Chapter 1. Supply Users with Login Information
  Chapter 2. Logging In
    Homepage
    Session Expiration
  Chapter 3. Browse Web Pages
    Accessing Web Sites
    System Bookmarks
    Pages That Cannot Be Accessed
    Applets and Plug-Ins on Web Pages
  Chapter 4. Browse File
    Corente Network Access Permissions
    Logging Into Servers
    Browsing Servers
    Downloading Files
    Uploading Files
    Creating New Folders
    Deleting Files and Folders
  Chapter 5. Browse File – Shortcuts
    Adding Shortcuts
    Accessing Shortcuts
    Deleting Shortcuts
  Chapter 6. Services
    Viewing the Services
    Using the Services
    Host Properties Dialog Box
    Command Line Strings for Specific Programs
    Accessing Email via the SSL Client
  Chapter 7. User Preferences
    Changing a Password
    Bookmarks
    Creating New Personal Bookmarks
V. Configuring Email Programs for use with the SSL Client
  Chapter 1. Setting up Outlook 2003 for use with the SSL Client
  Chapter 2. Setting up Outlook 2007 for Use With the SSL Client
  Chapter 3. Setting up Outlook Express for use with the SSL Client
VI. Appendix: Template for Email to New Users
  Email Template
Index
Additional Support
Oracle Legal Notices
Preface
This manual provides a detailed, step-by-step explanation of the administration procedures that are
performed to provide remote users with secure web access to Corente Virtual Services Gateways (also
known as "Locations") via SSL. The purpose of this manual is to provide all the necessary information to
partners or customers who want to configure and use the Corente SSL Client.
Conventions
All hyperlinks are shown in blue, underlined text. They can be used to navigate through the guide or the
procedures related to an overall activity, or to jump to a cross-referenced topic or Internet URL.
Systems supported
This guide supports Corente, version 9.1.
Technical Support
For technical support to assist you with any problems or to answer any questions pertaining to function,
installation, and management of the Corente Services, please go to http://www.oracle.com/support.
Related reading
Corente provides several additional manuals:
I. Corente Services Planning
II A. Corente Virtual Services Gateway Hardware Preparation and Deployment
II B. Corente Services Policy Definition and Provisioning
III. Corente Services Administration
IV. Corente Services Troubleshooting Guide
V. Corente Virtual Services Gateway – Virtual Edition
VI. Corente Services Client
VIII. Corente Services Mobile User
To obtain these manuals, please visit the Corente web site at http://www.corente.com/documentation.
I. Introduction
The Corente SSL Client provides a secure method for remote users to access the corporate network
using a web browser and a connection to the Internet.
Corente offers two basic types of Corente network access for remote users: the SSL Client and the
software-based IPSec Corente Client. The SSL Client provides more limited access than the Corente
Client, but the SSL Client does not require specialized software to be installed on users’ computers.
While the Corente Client can handle all types of traffic between remote users and computers at a central
site, the SSL Client allows users to use only the services that have been specifically enabled or disabled
per Location and per user group by the network administrator. Services include the ability to retrieve and
send email via your company’s IMAP, POP3, and/or SMTP mail servers, browse secure intranet web
sites, download and upload files onto SMB servers, use VNC for remote desktop access, and use telnet
or SSH for text-based server access (see Chapter 2. Pre-Configured SSL Services, p. 10, for more
detailed descriptions of these services). In most cases, these flexible services provide sufficient access
for remote users.
Service                  Corente Client   SSL Client
E-mail                   X                X
File Share               X                X
Web (HTTP)               X                X
Desktop Access (VNC)     X                X
Telnet                   X                X
SSH                      X                X
Client-Server            X                X*
Databases                X
Terminal                 X
*Only TCP-based applications that employ single connection protocols and do not use embedded IP
addresses.
For more information on how these remote access solutions compare, please refer to the document
entitled Choosing a Corente Remote Access Solution. This document can be requested from Corente
Customer Care.
Chapter 1. Requirements
The SSL Client may require simple configuration to be performed on the Corente Virtual Services
Gateway, on the LAN of the Corente Virtual Services Gateway, and on the user’s computer that will be
used to access the network. The following are the requirements for operating the SSL Client.
On the Corente Virtual Services Gateway:
- In App Net Manager, complete the configuration for SSL Clients on the User Remote Access
  tab of the Location form. This form can be accessed for a Location by using the Edit function to
  edit the personality file for that Location.
- An SSL certificate must be installed via the SSL Certificate page in Gateway Viewer (see
  Chapter 1. SSL Certificate, p. 44).
On the LAN of the Corente Virtual Services Gateway
In addition to the standard mandatory firewall rules, Corente requires the following rules be implemented
on any firewall that protects the Location gateway when SSL Clients are in use:
Inbound Rules
Permit TCP Source Port 1025 – 65535 from ANY IP address to TCP Destination Port 443* of
Corente Virtual Services Gateway IP address.
* 443 is the default SSL Port that remote computers will use to connect to the login for the SSL Client. If
a different port is going to be used for the SSL Port, then the inbound firewall rule must reflect the
appropriate port (see Chapter 5. Configuring SSL Client Access to a LAN, p. 26, for more information
about the SSL Port).
On Each User’s Computer
The SSL Client is compatible with the following Java-enabled web browsers:
Internet Explorer 9 or later
Firefox 25.0 or later
Chrome 34.0 or later
Safari 7.0 or later
Important: SSL Client users must be using Sun Microsystem's® JVM. Furthermore, make sure
version 1.5.0_10 or later of the Sun Java Runtime Environment (JRE) is installed on the user’s
computer. Note that version 1.6.0 of the JRE may not be compatible with older versions of Linux.
If a user’s OS does not support 1.6.0 or does not appear to be compatible, the user must
manually download an earlier version (1.5.0_10 or 1.5.0_11).
If you are using Internet Explorer, the URL of the SSL Client must be added as a trusted site in
your web browser in order for you to access it. To add the URL:
1. In Internet Explorer, open the Tools menu and select Internet Options.
2. Select the Security tab.
3. Select Trusted Sites.
4. Select Sites to open the trusted websites interface.
5. Enter the URL of the SSL Client and select Add.
6. Select Close to close the interface, then select OK to save your changes to the Security
tab. The SSL Client will be added to the Trusted Websites list.
When using Internet Explorer, the highest browser security setting supported is Medium. The
security setting of the browser can be changed by accessing the Tools menu, selecting Internet
Options, and clicking on the Security tab.
If users connect to the Internet via a proxy server, this proxy server must be a web proxy or they
will not be able to connect to the SSL Client. The IP address and port number of this proxy must
be specified in the browser and not automatically detected.
If users connect using Internet Explorer, the entry for the Secure proxy server must be the same
as HTTP. To ensure that this is true:
1. On the Tools menu of Internet Explorer, access Internet Options.
2. Click the Connections tab.
3. Click the LAN Settings button.
4. If the Use a Proxy Server selection box is selected, then either:
   - Entries should appear in the Address and Port fields underneath this option.
   - If these fields are gray, click the Advanced button. On the Proxy Settings screen,
     under the Servers section, HTTP and Secure must have the same entries for Proxy
     address to use and Port.
Note: Users that access the Internet via a proxy server will not be able to connect to the SSL
Client when the Require Client Certificate option is selected for two-way authentication
(for more information, see Chapter 5. Configuring SSL Client Access to a LAN, p. 26).
To retrieve email from an SMTP, IMAP, and/or POP3 mail server on the remote network using
SSL, there are several requirements:
- The Corente Virtual Services Gateway must be accessed using the Visible DNS Name of
  the Location (see Chapter 5. Configuring SSL Client Access to a LAN, p. 26, for more
  information). If the DNS name will not be available via a public DNS server, you should add
  this name to the DNS server at each remote user's location or add an entry to the hosts file
  of each user's computer so that this name can be resolved.
- Java must be enabled on the user's web browser.
- The user must leave the browser window open to an active SSL Client session when
  accessing email, so that the request is correctly routed via SSL.
- The user's email program must be configured to access email via:
  - Protocol: either POP, IMAP, and/or SMTP
  - IP Address: localhost
  - Port Number: the port number that you will specify for the particular mail server on the
    SSL Client Settings interface in App Net Manager (see Chapter 6. Services, p. 68, for
    important exceptions)
Note: The protocol and port number information is provided to users on the Services interface of the
SSL Client.
Chapter 2. Pre-Configured SSL Services
The SSL Client can optionally provide users with the pre-configured services described in this
section.
For information on enabling these services, refer to Chapter 3. Creating SSL Client Accounts for Users
(p. 19) and Chapter 6. SSL Services (p. 31).
Information on using these services with the SSL Client interface is available in IV. Using the SSL Client (p. 53).
Desktop Access (VNC Applet)
SSL Client users can use Virtual Network Computing (VNC) to connect securely to remote computers.
VNC is a remote display system that allows you to view a remote computer's desktop environment on
your own computer, from anywhere on the Internet. To access a remote computer's desktop with VNC,
the VNC server software must be running on that remote computer.
By default, the SSL Client automatically downloads VNC viewer software onto users' systems the first
time that they use the VNC service. They will use this software each subsequent session for desktop
access. However, if they do not want to use this software, they can provide their own VNC viewer
software.
Due to performance issues, Corente requires VNC version 3.3.5 or later for PCs for both the viewer and server software.
For more information and to obtain copies of the free VNC software, refer to this website: http://www.realvnc.com/download.html.
File Browsing
Users can browse shared resources and access files on servers with the Browse File interface (see
Chapter 4. Browse File, p. 60). Depending on the configuration of each server, users may have to
provide a username and password to login to each server before they are granted access. After login,
access permission is based on the privileges configured for that username on that server (i.e., the user's
ability to download, upload, and delete files).
Tip: If File Browsing is enabled, users can use the Browse File interface to view the DNS/WINS
names or IP addresses of the computers that can be accessed with any service provided by the
SSL Client.
Local Web Browsing (HTTP)
Users can browse private web pages located within your intranet (see Chapter 3. Browse Web Pages,
p. 57). By default, this option is enabled on each Location when the SSL Client is enabled.
A local DNS server must be in place on this Corente Virtual Services Gateway's LAN to provide name resolution for these intranet web pages. The server's IP address must be specified as the Primary DNS Server (this can be modified on the Network tab of the Location’s Location form, in the Network Interfaces section). The server itself should be configured to forward lookups to a public DNS server.
Email Protocols (IMAP, POP3, and SMTP)
Users can send or retrieve email from an Internet Message Access Protocol (IMAP), Post Office Protocol
3 (POP3), and/or Simple Mail Transfer Protocol (SMTP) mail server in a Location’s LAN via the SSL
Client (see Accessing Email via the SSL Client, p. 71).
Telnet
Users can connect to remote servers with telnet. Telnet is a program that allows you to log into another
computer over a network or the Internet and execute commands on the remote computer using a text-
based interface. The remote computer must be running a telnet server in order for an SSL Client user to
connect to it.
By default, the SSL Client automatically downloads telnet software onto users' systems the first time that
they use this service. They will use this software for each subsequent telnet session. If they do not want to
use this software, they can use the built-in telnet program for Windows (only available when using
Internet Explorer on a Windows computer) or download and install another type of telnet software on their
computer.
There are many popular terminal emulation programs for telnet that are available on the Internet. Corente
recommends TeraTerm, a free telnet client program, which is available at
http://hp.vector.co.jp/authors/VA002416/ttermp23.zip. After download, instruct users to unzip the file and
run the setup.exe file to install.
Secure Shell (SSH)
In addition to telnet, users can connect to servers on the LAN with Secure Shell (SSH). SSH is a program
that allows you to log into another computer over a network or the Internet and execute commands on
the remote computer using a text-based interface. It is similar to telnet, but provides encryption on both
ends to secure the connection between computers. The remote computer must be running an SSH server in
order for an SSL Client user to connect to it.
By default, the SSL Client automatically downloads SSH software onto users' systems the first time that
they use the SSH service. They will use this software for each subsequent SSH session.
However, if they do not want to use this software, they can provide their own SSH software.
Corente recommends TeraTerm, a free telnet client program, to connect to remote computers using
SSH. However, to use TeraTerm with SSH, users must also install a special SSH package on their
computers. TeraTerm is available at http://hp.vector.co.jp/authors/VA002416/ttermp23.zip. After
download, instruct users to unzip the file and run the setup.exe file to install.
An SSH package for TeraTerm is available at http://www.cs.cmu.edu/~roc/ttssh154.zip. After download,
unzip the file into the location of the TeraTerm program directory (c:\program files\ttermpro).
Partner Access
To access the SSL Client, users log into a single Corente Virtual Services Gateway. This Location
functions as the host Location and provides access to all servers on the LAN in a User Group.
When Partner Access is enabled, users can use any service that is enabled for them to connect to the
partners of the host Location. Users can connect to both Location and Corente Client partners of this
Corente Virtual Services Gateway.
The Location partners must explicitly allow SSL Client users of this Location to connect to them (see
Chapter 10. Configuring SSL Client Access to Partners, p. 40, for more information). SSL Client users will
have access to machines that are in the Default User Group of the partner.
Additional Services
You can define custom services for users with the SSL Services feature in App Net Manager. This tool is
described in Configuring Custom SSL Services (p. 16).
II. Configuring the SSL Client
After ordering the SSL Client service, you must configure this service on your Corente application
network by completing the activities outlined in this section. This section explains step by step how to
create SSL Client accounts and how to administer SSL Client permissions on each Corente Virtual
Services Gateway.
Chapter 1. SSL Client Settings in App Net Manager
In App Net Manager, you must begin by configuring domain-wide SSL Client settings that will be used for
controlling SSL Client access to each Corente Virtual Services Gateway in your domain.
These settings are accessed in the domain directory, by opening the Global Intranet Settings category,
then opening the User Remote Access subcategory, and then opening the SSL Administration
subcategory.
Figure 1: SSL Administration Category in the Domain Directory
When the SSL Administration branch in the domain directory is opened, the following features are
displayed:
SSL Services
SSL Clients
SSL Client Groups
Chapter 2. SSL Services
When you enable access by SSL Clients to a Corente Virtual Services Gateway, you can identify specific
programs and services that each SSL Client user has permission to use with machines on the Location’s
LAN. The permissions for these programs and services can be set per Location (for all users that access
this Location) as well as per user group (for all Locations that the user group accesses), to provide fine-
grained access control. (Permissions for SSL Services can only be defined per user group when Local
Authentication is used for the SSL Client. For more information, refer to Chapter 3. Creating SSL Client
Accounts for Users, p. 19).
By default, App Net Manager provides several pre-defined SSL services that can be enabled or disabled
when establishing SSL Client permissions. (For more information about each of these Default SSL
Services, refer to Chapter 2. Pre-Configured SSL Services, p. 10). These services are read-only and
cannot be deleted.
If you would like to define additional services, select the SSL Services tool from the SSL Administration
category of the domain directory. The SSL Services that are currently defined in your domain will be
displayed in the table on the right side of the App Net Manager interface.
Figure 2: SSL Services
Configuring Custom SSL Services
When SSL Client access is enabled on a Corente Virtual Services Gateway, the Location gateway will
act as an application layer gateway that intermediates access between SSL Client users on the public
Internet and resources on internal corporate servers. All requests to the Location gateway for access to
internal servers are secured using SSL.
These requests are secured using SSL in one of two ways: by the browser or by the Corente SSL
Applet. The browser encrypts all requests made via the File Browsing or Local Web Browsing (HTTP)
services, while the Corente SSL Applet secures all other requests. The browser or applet forwards
packets on behalf of the end user to the SSL port on the Location gateway, and the Location gateway
makes the actual connection to the server, acting as the end user.
The SSL Client works with user applications in the following manner:
1. Upon user authentication, the Corente SSL Applet opens an HTTPS/SSL connection across the
Internet to the Corente Virtual Services Gateway.
2. The application (for example, telnet) makes a TCP connection to the applet using the loopback
address of 127.0.0.1 (i.e., localhost).
3. The applet notifies the Location gateway to open a TCP connection to the server to which the
application wishes to connect.
4. The applet then takes the data portion of all packets from the application and sends the data to
the Location gateway via the previously established SSL connection.
5. The Location gateway passes the data inside a new packet to the server through the TCP
connection that was established on the application’s behalf.
If a user uses an application with the SSL Client, keep in mind that traffic to and from the application must
be routed through the Corente SSL Applet so that it is encrypted by SSL. This means that the application
(including any applets or plug-ins on web pages that users may access with the SSL Client) must be
configured to route traffic to localhost and the port number that the application uses to contact the server.
You must create a custom SSL service (described in the next section) that informs the Location gateway
of the appropriate IP address and port number of the server that must be contacted for this application.
When choosing applications to use with the SSL Client, ensure that they meet the following criteria:
- The application must use TCP (not UDP).
- The application must employ single connection protocols.
- The application must not utilize protocols containing embedded IP addresses (for example, FTP).
  Such programs will not work with the SSL Client.
- The application must be able to be configured to route to localhost.
Remember that the SSL Client does not secure all traffic between the user’s computer and the LAN of
the Corente Virtual Services Gateway. Rather, it acts as an application proxy that encrypts only certain
traffic in SSL to the Location gateway. All applications that connect to the Corente SSL Applet will have
their traffic sent over the Internet encrypted with SSL, regardless of the "insecurities" of the protocol in
use. From the Location gateway to the internal server, the data travels over the TCP connection that the
gateway opened on the application’s behalf, as described in the steps above.
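The five-step relay described above, shown as an added Python example that is not Corente's code. The `OPEN <service>` control line, the service name `telnet-demo` and all function names are assumptions made for illustration, and TLS on the applet-to-gateway leg is left out so the example runs offline on loopback.

```python
import socket
import threading

def _serve(handler):
    """Listen on an OS-assigned loopback port; run handler(conn) per connection."""
    listener = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()

def _readline(sock):
    """Read one control line byte by byte so no payload is consumed."""
    line = b""
    while not line.endswith(b"\n"):
        byte = sock.recv(1)
        if not byte:
            break
        line += byte
    return line

def _pipe(src, dst):
    """Copy the data portion one way and pass EOF on as a half-close."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def _relay(a, b):
    """Relay both directions between two sockets, then close both."""
    back = threading.Thread(target=_pipe, args=(b, a), daemon=True)
    back.start()
    _pipe(a, b)
    back.join()
    a.close()
    b.close()

def start_lan_server(seen_peers):
    """Stand-in for an internal server; records the peer address it sees."""
    def handle(conn):
        seen_peers.append(conn.getpeername())
        with conn:
            conn.sendall(b"server got: " + conn.recv(4096))
    return _serve(handle)

def start_gateway(services, upstream_addrs):
    """Location gateway: resolves a service name and connects for the user."""
    def handle(tunnel):
        verb, _, name = _readline(tunnel).decode().strip().partition(" ")
        target = services.get(name) if verb == "OPEN" else None
        if target is None:  # no service configured under this name
            tunnel.sendall(b"DENIED\n")
            tunnel.close()
            return
        upstream = socket.create_connection(target)  # step 3: plain TCP on the LAN
        upstream_addrs.append(upstream.getsockname())
        tunnel.sendall(b"OK\n")
        _relay(tunnel, upstream)  # step 5
    return _serve(handle)

def start_applet(gateway_addr, service):
    """Applet side: the application connects to localhost, not to the server."""
    def handle(app):  # step 2: connection from the local application
        # Step 1 in the product is an HTTPS/SSL connection; TLS is omitted here.
        tunnel = socket.create_connection(gateway_addr)
        tunnel.sendall(f"OPEN {service}\n".encode())  # step 3 (hypothetical framing)
        if _readline(tunnel) != b"OK\n":
            tunnel.close()
            app.close()
            return
        _relay(app, tunnel)  # step 4
    return _serve(handle)

def run_demo(service):
    """Send one line through applet and gateway; return (reply, peers, upstreams)."""
    seen, upstream = [], []
    server_addr = start_lan_server(seen)
    gateway_addr = start_gateway({"telnet-demo": server_addr}, upstream)
    applet_addr = start_applet(gateway_addr, service)
    reply = b""
    try:
        with socket.create_connection(applet_addr, timeout=5) as app:
            app.sendall(b"hello\n")
            app.shutdown(socket.SHUT_WR)
            while chunk := app.recv(4096):
                reply += chunk
    except OSError:
        pass  # the applet dropped the connection because the gateway refused
    return reply, seen, upstream

if __name__ == "__main__":
    print(run_demo("telnet-demo"))
    print(run_demo("not-configured"))
```

The peer address recorded by the internal server is the gateway's own upstream socket, not the application's. The server only ever sees the gateway, which is why protocols that carry IP addresses inside their payload (such as FTP) do not work through the SSL Client.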
Adding a New Custom Service
To create a new SSL Service to use with the SSL Client, make sure SSL Services is selected in the
domain directory and do one of the following:
- Select the New button in the tool bar.
- From the File menu, select Add SSL Service.
- Right-click SSL Services in the domain directory and select Add SSL Service.
You will be taken to a blank Add SSL Service window.
Figure 3: Add SSL Service
Complete the following steps:
1. Complete the following fields and options:
Name: Enter a name for your new SSL Service in this field. This is the name that will be used
to identify this service in App Net Manager, and for the users on the SSL Client interface. The
name may contain up to 30 characters.
Protocol: Select the name of the protocol that will be used by this service. If the protocol is not
listed on this pull-down menu, select Custom.
Default Port: Enter the default port number to be used by this service. This is the port number
that a Corente Virtual Services Gateway will use to contact the appropriate server(s) when a
user attempts to use this service over the secure SSL connection. This will be the default port,
but if necessary, it can be modified on the Location form for each Location that has enabled
SSL Client access.
Specify Server IP address or DNS Name: If this service is associated with a specific server,
select this checkbox. It will be associated with a single server on the LAN of each Location
gateway that has this service enabled. This means that when you enable this service on the
Location form for a Location, you must also specify the IP address or DNS name of the server
providing this service. Users will only be able to use the service with that server.
When this option is not selected, this service is not associated with a single server. Users can
use this service to connect to any computer that you have permitted them to contact. When
using this service, users will be required to supply the DNS name, WINS name, or IP address
of the computer to which they would like to connect.
2. After you have completed these fields, click OK to add the new SSL Service to your SSL Services
list. Use the Save button to save your changes.
3. Once you have saved your new SSL Service, you can enable the new service for an SSL Client
Group (see Chapter 4. SSL Client Groups, p. 23) and/or on a Location (see Chapter 6. SSL
Services, p. 31). Until it is specifically enabled for the appropriate Location(s), the new service is
not active.
You may return to this screen at any time to define new custom services.
Modifying an SSL Service
To modify an existing SSL Service, select the service and use the Edit feature.
After you have made your changes to the SSL Service, click OK to store your additions or Cancel to
close the window without storing any of your changes. Once Saved, your changes will be downloaded
automatically by the Location gateways where the service is in use and will go into effect immediately.
You cannot modify a default SSL Service.
Deleting an SSL Service
To delete an SSL Service, select the service and use the Delete feature.
If you delete an SSL Service that is currently enabled on any of your Locations, the Locations will no
longer support this service. Once Saved, your changes will be downloaded automatically by the Location
gateways and will go into effect immediately. You cannot delete a default SSL Service.
Chapter 3. Creating SSL Client Accounts for Users
Each user must have a user account to log into the SSL Client. Depending on how you would like to
authenticate users, user account creation will vary.
Corente recommends the use of a RADIUS or LDAP server for authentication, but can also provide its
own local authentication for users via a username and password combination. When local authentication
is used, the SSL Client provides several additional permission controls:
Access on the Location gateway’s LAN can be limited to a specific group of machines (i.e., a
"User Group") for each group of users.
SSL services and features can be limited for each group of users.
A user can change his/her own password.
External Server Authentication (RADIUS and LDAP)
When you use a RADIUS or LDAP server to authenticate remote users to a Location, you must configure
user names and passwords for users on the RADIUS or LDAP server itself. Refer to the documentation
for RADIUS or LDAP to determine how to create the accounts on your server.
After creating the accounts, you will capture information in the Location form regarding your server and
the RADIUS/LDAP implementation on your network. This allows the Location gateway to query the
server correctly when a user attempts to log into the SSL Client. For information about these screens,
refer to Chapter 9. External Authentication (RADIUS or LDAP) (p. 37).
When external authentication is used, configuration of user accounts in App Net Manager is not required.
Move to the next section, Chapter 5. Configuring SSL Client Access to a LAN (p. 26).
Local Authentication
If you are not going to use an external server for user authentication, you must use App Net Manager to
create an account for each SSL Client user. This is accomplished with the SSL Clients feature,
selectable in the domain directory of App Net Manager. User account information will be stored in the
Corente Virtual Services Gateway database.
To create and manage SSL Client accounts, open the SSL Clients category in the domain directory.
Figure 4: SSL Clients
You can create, modify, and delete SSL Client accounts with this feature.
Adding a New SSL Client Account in App Net Manager
To add a new SSL Client account to your domain, make sure SSL Clients is selected in the domain
directory and:
Select the New button in the tool bar.
From the File menu, select Add SSL Client.
Right-click SSL Clients in the domain directory and select Add SSL Client.
You will be taken to a blank Add SSL Client window.
Figure 5: Add SSL Client
2. On this screen, complete the following fields and selections:
SSL Client Name: Enter the alphanumeric identifier for the SSL Client account that you are
creating. You may use up to 15 alphanumeric characters. Do not use tabs, spaces, or
punctuation marks when creating this name. (If you have created a Corente Client account
for this user, the User Names for both accounts can be the same. For more information
about Corente Clients, refer to the VI. Corente Services Client manual.)
Password: Create an alphanumeric password for this SSL Client account. (The minimum
and maximum number of characters for this password is set with the Domain Preferences
tool in App Net Manager.)
For security purposes, Corente requires that this password contain one each of the following:
An upper-case character
A lower-case character
A numeric character
Confirm Password: Re-enter the password you created in the Password field to avoid any
mistakes.
3. SSL Client accounts are combined into groups to make administration easier. All SSL Client
Groups that have been configured for this domain will be displayed in the SSL Client Group
Membership of SSL Client list. Select the checkbox beside each group that you would like this
SSL Client to join. You may add an SSL Client to as many groups as you would like.
To create a new group, use the Chapter 4. SSL Client Groups feature (p. 23).
4. When you have completed this form, click OK to store your changes or Cancel to close the
window and discard your changes. You must also Save your changes in App Net Manager in order
for them to take effect.
The new SSL Client name will now appear in your SSL Client list. You should repeat this process
to add other SSL Client accounts to your domain.
5. After you have added SSL Client accounts, you must remember to supply the users with their user
names and passwords. Additionally, if you have not associated SSL Client Groups with any
Location, you should partner them via the User Remote Access tab in the appropriate Location’s
Location form.
Viewing or Modifying an SSL Client Account Configuration
If you would like to modify the configuration of an existing SSL Client, you can use the Edit feature.
After you have made your changes to the SSL Client, click OK to store your additions or Cancel to close
the window and discard your changes. Once Saved, your changes will go into effect immediately.
Deleting an SSL Client Account
If you would like to delete an SSL Client from your domain, you can use the Delete feature.
This command will remove the SSL Client from App Net Manager, remove it from any SSL Client Groups
it was associated with, and destroy any current connections between it and a Location. The user will no
longer be able to access your Location(s) unless you add a new SSL Client account for the user.
Once Saved, your changes will go into effect immediately.
Chapter 4. SSL Client Groups
SSL Clients are combined into groups to make partner and permissions administration easier. The SSL
Client Groups feature allows you to assign partners and SSL Service permissions to an entire group of
SSL Clients at once.
Figure 6: SSL Client Groups
Adding a New SSL Client Group
To create a new SSL Client Group, make sure SSL Client Groups is selected in the domain directory
and:
Select the New button in the tool bar.
From the File menu, select Add SSL Client Group.
Right-click SSL Client Groups in the domain directory and select Add SSL Client Group.
You will be taken to a blank Add SSL Client Group window.
Figure 7: Add SSL Client Group
Fill out this window as follows:
Name: Enter a new group name.
SSL Services Permitted for Group Members: You can limit the services that are available to
members of this SSL Client Group. Choose from the following options:
▪ Specified SSL Services Permitted: Select this option to choose the services that this
group will be allowed to use. In the list below this option, you must select the checkboxes
of the permitted SSL Services for this group. For more information about the default SSL
Services that appear in the list, refer to Chapter 2. Pre-Configured SSL Services (p. 10).
▪ All SSL Services Permitted: Select this option to allow members of this group to use
any SSL Service that has been enabled for use on a Location to which the group is
partnered.
▪ No Services Permitted: Select this option to prevent members of this group from using
any SSL Service.
When you have completed this form, click OK to store your changes or Cancel to close the window and
discard your changes. Once Saved, your new SSL Client Group will appear in the list of SSL Client
Groups.
To add members to a group, select that group while configuring an SSL Client with the SSL Clients
feature (Chapter 3. Creating SSL Client Accounts for Users, p. 19).
Note: The ability for an SSL Client user to use an SSL Service through a Location gateway depends
on both (a) the SSL Service being permitted in the SSL Client’s group and (b) the SSL Service being
permitted by the Location. When you enable SSL Services for a Location (Chapter 6. SSL Services,
p. 31), make sure the permissions for that Location and for the SSL Client Group partnered with the
Location allow the correct SSL Services to be used.
Modifying an SSL Client Group
If you would like to modify the configuration of an existing SSL Client Group, you can use the Edit
feature.
If the SSL Client Group contains any members, these SSL Clients will be listed in the Group Members
of SSL Client Group list.
After you have made your changes to the SSL Client Group, click OK to store your additions or Cancel to
close the window and discard your changes. Once Saved, your changes will go into effect immediately.
Deleting an SSL Client Group
To delete an SSL Client Group, you can use the Delete feature.
Once Saved, the SSL Client Group will be removed from your domain.
Chapter 5. Configuring SSL Client Access to a LAN
After creating accounts for SSL Client users, you must enable SSL Client access on at least one of your
Corente Virtual Services Gateways and configure the access permissions that users will be given on the
Location gateway’s LAN.
To enable and configure SSL Client access to a Location, complete the following steps:
1. Access the Location form for the Location in App Net Manager:
Right-click on the Location icon in the map or domain directory and select Edit.
Double-click the Location name in the domain directory.
Select the Location name in the domain directory and then select the Edit option from the
tool bar or the Edit menu.
When the Location form is displayed, select the User Remote Access tab.
Figure 8: User Remote Access tab
2. Select the option labeled Allow SSL Client Access to the Network. Until this checkbox is
selected, SSL Client access through the Location gateway to local LAN is disabled, even if you
have ordered the service and it has been provisioned (turned on) by Corente.
3. Select the Require Client Certificate option if you are supplying digital certificates on SSL clients
and you have installed a CA Certificate for this Location gateway on the SSL Certificate page of
Gateway Viewer (for more information, see Chapter 1. SSL Certificate, p. 44). This feature
provides two-factor authentication.
Note: Users that access the Internet via a proxy server will not be able to connect to the
SSL Client when this option is selected.
4. Fill out the settings as follows to control the behavior of SSL Client sessions:
Inactive Session Timeout (min): Enter the amount of time in minutes that an SSL Client
session will remain connected to the Location if the SSL Client is left idle by the user. The
default timeout is 15 minutes.
WARNING: The session timeout period may conflict with users’ email programs when
they have been set to check automatically for new messages from the mail
server. Remind users to configure their email programs so that the interval
between message checks is shorter than the session timeout
period. This will prevent the users from having to re-login to the SSL Client
each time their email program attempts to look for new messages.
Failed Login Attempts: Enter the number of login attempts that a user will be allowed
before the user is locked out of the SSL Client for the amount of time that you specify in the
Lockout Time field (see below). The user will be unable to login successfully (even with a
correct username and password) until the Lockout Time period has completed. The default
number of attempts is 5.
Lockout Time (minutes): Enter the number of minutes that a user will be locked out of the
SSL Client after exceeding the total number of Failed Login Attempts that you have
specified (see above). After this time period has completed, the user will have the number of
Login Attempts that you have specified above until the user is locked out again for the
period that you specify in this field. The default lockout time is 1 minute.
SSL Port: Enter the port number on the Corente Virtual Services Gateway that remote
computers will use to access the SSL Client login. The default port is 443, but should be
changed if this port number is already being used. If you change the port number, SSL
Client users must connect directly to that port number. (For example, if the Visible DNS
Name of Location is chicago.acme.com and the SSL Port is 999, to access the SSL Client
interface for this Location, users would type https://chicago.acme.com:999).
Important: This port number must be opened in any firewalls shielding this Corente Virtual
Services Gateway.
5. In the Visible DNS Name of Location field, enter the DNS name that SSL Client users will use to
access this Corente Virtual Services Gateway from the WAN. This name should be formed using
three levels, i.e. chicago.acme.com (where acme.com is the domain name that has been
registered by your company). Users will enter https:// and this name in the location bar of their web
browser to access the SSL Client interface (https://chicago.acme.com).
Note: If this DNS name will not be available via a public DNS server, you should add this
name to the DNS server at each remote user's location or add an entry to the hosts
file of each user's computer so that this name can be resolved.
6. Click the Configure button adjacent to SSL Services. The SSL Services screen will be displayed.
Complete this screen to identify the services that will be available on the LAN for SSL Client users.
This screen is described in Chapter 6. SSL Services (p. 31).
7. Click the Configure button adjacent to System Homepage and Bookmarks. The Homepage
Bookmarks screen will be displayed. This screen allows you to enter URLs and bookmark names
that all users will be able to access from the SSL Client interface for this Location. This screen is
described in Chapter 7. System Homepage and Bookmarks (p. 33).
8. Click the Configure button adjacent to SSL Authorized Groups. The SSL Authorized Groups
screen will be displayed. Complete this screen to identify the SSL Client Groups that will be
allowed to connect to this Location. You only need to fill out this screen if you are using Local
Authentication (see Step 9). This screen is described in Chapter 8. SSL Authorized Groups (p.
35).
9. The Authentication Type section allows you to specify how SSL Client users will be authenticated
to the Location. If you are using an External Authentication method, you must capture configuration
information about the RADIUS or LDAP server (see Step 10).
Local Authentication (Password): Select this option to authenticate users to the Corente
Virtual Services Gateway via the standard login interface (user name and password). When
this option is selected, you must use the SSL Client feature to set up SSL Client accounts
for each user (see Chapter 3. Creating SSL Client Accounts for Users, p. 19). Then, you
must select the SSL Client Groups that will be allowed to access this Corente Virtual
Services Gateway and specify the User Group that they will be permitted to access in the
Authorized SSL Client Groups section (see Step 8).
External Authentication (RADIUS): Select this option if you would like to use a RADIUS
server on your LAN to authenticate SSL Client users to the Corente Virtual Services
Gateway. This option will be selectable when you have enabled a RADIUS server in the SSL
Client Authentication section of this screen and configured its settings. If you use a
RADIUS server for authentication, you must configure SSL Client accounts for users on the
RADIUS server.
External Authentication (LDAP): Select this option if you would like to use an LDAP server
on your LAN to authenticate SSL Client users to the Corente Virtual Services Gateway. This
option will be selectable when you have enabled an LDAP server in the SSL Client
Authentication section and configured its settings. If you use an LDAP server for
authentication, you must configure SSL Client accounts for users on the LDAP server.
10. The External Authentication Servers section allows you to specify the methods of authentication
that are available on your LAN for use by remote access clients. (The settings that you capture for
RADIUS and LDAP servers will apply for both Corente Clients and SSL Client users.)
Enable RADIUS Server: Select this option to enable RADIUS server authentication for SSL
Client users. When this option is selected, you must click the Configure button to configure
the RADIUS server authentication settings. The RADIUS Server Authentication screen is
described in RADIUS Authentication (p. 37).
In order to use this server to authenticate SSL Client users, you must select External
Authentication (RADIUS) in the Authentication Method section of this screen.
Enable LDAP Server: Select this option to enable LDAP server authentication for SSL
Client users. When this option is selected, you must click the Configure button to configure
the LDAP server authentication settings. The LDAP Server Authentication screen is
described in LDAP Authentication (p. 38).
In order to use this server to authenticate SSL Client users, you must select External
Authentication (LDAP) in the Authentication Method section of this screen.
11. After configuration on this screen is complete, click OK to close the Location form. Select the Save
feature from the File menu or the toolbar to save your changes.
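The Failed Login Attempts and Lockout Time settings from step 4, modeled as an added example (not Corente code) to show how they interact. The per-user counter, the reset on a successful login and the one-attempt-per-second arrival rate are assumptions; the defaults of 5 attempts and 1 minute come from the text above.

```python
class LoginThrottle:
    """Models 'Failed Login Attempts' and 'Lockout Time (minutes)'."""

    def __init__(self, failed_login_attempts=5, lockout_minutes=1):
        self.max_failures = failed_login_attempts
        self.lockout_seconds = lockout_minutes * 60
        self.failures = {}       # user -> failures since the last reset
        self.locked_until = {}   # user -> time (s) at which the lockout ends

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for a login at time now (s)."""
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"          # refused even if the password is right
            del self.locked_until[user]  # lockout over: full allowance again
            self.failures[user] = 0
        if password_ok:
            self.failures[user] = 0      # assumption: success clears the count
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
        return "denied"


def evaluated_failures(throttle, user, seconds):
    """Count wrong passwords actually checked when one arrives every second."""
    return sum(throttle.attempt(user, False, t) == "denied"
               for t in range(seconds))


def demo():
    """Five failures, then a correct password during and after the lockout."""
    t = LoginThrottle()                  # defaults from the manual: 5 and 1
    results = [t.attempt("alice", False, s) for s in range(5)]
    results.append(t.attempt("alice", True, 30))   # correct, but locked out
    results.append(t.attempt("alice", True, 64))   # lockout has ended
    return results


if __name__ == "__main__":
    print(demo())
    # Compare the default lockout with a 15-minute lockout over one hour.
    print(evaluated_failures(LoginThrottle(5, 1), "bob", 3600))
    print(evaluated_failures(LoginThrottle(5, 15), "bob", 3600))
```

Comparing the two one-hour counts shows how much the Lockout Time value, rather than the attempt count, limits how many wrong passwords the gateway evaluates.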
Chapter 6. SSL Services
This screen allows you to select the services that the Location will allow all of its SSL Clients to use on
the Location’s LAN.
Note: When Local Authentication is being used, you can enable or disable SSL Services for
groups of SSL Client users with the SSL Client Groups feature (see Chapter 4. SSL Client Groups,
p. 23). This means that different SSL Client Groups that are authorized to communicate with this
Location can have different permissions on the Location's LAN. Of course, for a group to use a
permitted service on this LAN, the service must also be enabled on this screen.
Figure 9: SSL Services screen
This screen lists all the SSL Services that you have already enabled for SSL Client users that
communicate with this Location. You can Edit any of these services to modify how SSL Clients can use it
or you can Delete a service to prohibit SSL Clients from using it.
To enable a new service, click the Add button. The Edit SSL Service screen will be displayed.
Figure 10: Edit SSL Service
Fill out this screen as follows:
SSL Service: Select the SSL Service that you would like to enable from this pull-down menu.
This screen lists all the SSL Services (both default and custom defined) that have been defined
for your domain. You can define custom services with the SSL Services feature (see Chapter 2.
SSL Services, p. 15).
Protocol: If applicable, select the protocol that this service will use from the pull-down menu.
Port: If applicable, enter a port number that this Location gateway will use to contact the server
providing the service. The standard default ports for each service will be displayed in this field
when a service is selected.
Specify Server IP Address or DNS Name: If applicable, use this section to associate a specific
server with this service. SSL Clients of this Location can use the service to connect to this
specified server only. Select either Server IP Address (and specify the IP address of the
server) or Server DNS Name (and specify the DNS name of the server).
Note: The IP address of the server must be included in the Default User Group of the
Location.
Click OK to save your changes to this addition. Click OK again to close the SSL Services window.
For more information on the services available to enable or disable on this screen, refer to Chapter 2.
Pre-Configured SSL Services (p. 10) and Configuring Custom SSL Services (p. 16).
Chapter 7. System Homepage and Bookmarks
The System Homepage and Bookmarks screen allows you to choose a homepage that will display
when users log into the SSL Client for this Location. You can also use this screen to create bookmarks
for intranet web browsing that will appear as System Bookmarks in the Bookmarks list on the user
interface. Users will also be able to create their own bookmarks on their personal SSL Client interface.
Figure 11: System homepage and Bookmarks
You can edit or delete any bookmark in this list. You will not be able to delete the System Homepage
entry.
Specify an SSL Client Homepage
To specify a homepage that will appear when users log into the SSL Client for this Location, select the
System Homepage entry and click the Edit button.
Figure 12: System Homepage
Choose http or https and enter the URL of the intranet web page that will display when users first log
into the SSL Client. Click OK.
Create Bookmarks for Intranet Browsing
To create a bookmark that will be available for SSL Client users of this Location, click the Add button.
Figure 13: Add Bookmark
Complete the fields as follows:
Bookmark Name: Enter the name that will be displayed to users as the name of the bookmark.
URL: Choose http or https and enter the URL of the bookmark.
Click OK.
Chapter 8. SSL Authorized Groups
This screen allows you to authorize certain SSL Client Groups to connect to this Location (when Local
Authentication is being used). SSL Client Groups are groups of SSL Client accounts and are created
with the SSL Client Groups feature (see Chapter 4. SSL Client Groups, p. 23).
Figure 14: SSL Authorized Groups
This screen displays the SSL Client Groups in your domain that have been authorized to access this
Location, the local User Group to which the SSL Group can connect, a summary of the permissions that
this group has been assigned, and the number of SSL Services that members of this group can use. You
can Edit or Delete any of the existing entries on this screen.
To authorize an SSL Client Group to communicate with this Location, click the Add button. The Add SSL
Authorized Group screen will be displayed.
Figure 15: Add SSL Authorized Group
Fill out the fields as follows:
Name: Select the SSL Client Group that you are allowing to access this Location. (Note that an
SSL Client Group can be associated with multiple Locations.)
User Group: Select the local User Group of this Location that the selected SSL Client Group will
be allowed to communicate with. User Groups are groups of IP addresses on the Location’s LAN
and are created on the User Groups tab of the Location form.
This screen also displays the permissions that the selected SSL Client Group has been assigned. You
cannot change these permissions on this screen, but you can modify them for the group with the SSL
Client Groups feature.
When you have finished, click the OK button to store your changes or the Cancel button to discard your
changes.
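The layered permissions described in Chapters 4, 6 and 8 (group service permissions, services enabled on the Location, and the User Group assigned to each authorized group) can be reasoned about as one access decision. The following is an added example, not Corente code: the class and function names are hypothetical, targets are modeled as IP addresses only, and treating a user's multiple groups as a union is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class ClientGroup:
    """SSL Client Group with its 'SSL Services Permitted' setting."""
    name: str
    mode: str                      # "specified", "all" or "none"
    services: frozenset = frozenset()

    def permits(self, service):
        if self.mode == "all":
            return True
        return self.mode == "specified" and service in self.services


@dataclass
class Location:
    name: str
    allow_ssl_client_access: bool  # "Allow SSL Client Access to the Network"
    enabled_services: dict         # service -> fixed server IP, or None
    user_groups: dict              # User Group -> list of CIDR ranges
    authorized_groups: dict        # SSL Client Group -> User Group


def check_access(loc, groups, service, target):
    """Return (allowed, reason) for one user, service and target IP."""
    if not loc.allow_ssl_client_access:
        return False, "SSL Client access is disabled on the Location"
    if service not in loc.enabled_services:
        return False, "service is not enabled on the Location"
    fixed = loc.enabled_services[service]
    if fixed is not None and ip_address(target) != ip_address(fixed):
        return False, "service is tied to a different server"
    authorized = [g for g in groups if g.name in loc.authorized_groups]
    if not authorized:
        return False, "no group of this user is authorized for the Location"
    permitting = [g for g in authorized if g.permits(service)]
    if not permitting:
        return False, "service is not permitted for the user's group"
    for g in permitting:
        ranges = loc.user_groups.get(loc.authorized_groups[g.name], [])
        if any(ip_address(target) in ip_network(r) for r in ranges):
            return True, "allowed via group " + g.name
    return False, "target is outside the group's User Group"


def unusable_grants(loc, groups):
    """Services a group permits by name that the Location has not enabled."""
    return sorted(
        (g.name, s)
        for g in groups
        if g.name in loc.authorized_groups and g.mode == "specified"
        for s in g.services
        if s not in loc.enabled_services
    )


# Constructed sample configuration (names and addresses are made up).
CHICAGO = Location(
    name="chicago",
    allow_ssl_client_access=True,
    enabled_services={"SSH": None, "Wiki": "10.1.0.20"},
    user_groups={"Default": ["10.1.0.0/24"], "Lab": ["10.1.0.64/28"]},
    authorized_groups={"staff": "Default", "contractors": "Lab"},
)
STAFF = ClientGroup("staff", "all")
CONTRACTORS = ClientGroup("contractors", "specified",
                          frozenset({"SSH", "Telnet"}))

if __name__ == "__main__":
    for who, svc, ip in [([CONTRACTORS], "SSH", "10.1.0.70"),
                         ([CONTRACTORS], "SSH", "10.1.0.10"),
                         ([STAFF], "Telnet", "10.1.0.10"),
                         ([STAFF], "Wiki", "10.1.0.21")]:
        print(who[0].name, svc, ip, check_access(CHICAGO, who, svc, ip))
    print(unusable_grants(CHICAGO, [STAFF, CONTRACTORS]))
```

`unusable_grants` surfaces the mismatch the Chapter 4 note warns about: a service selected for a group that the partnered Location has not enabled.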
Chapter 9. External Authentication (RADIUS or LDAP)
If you are going to use an external server (either RADIUS or LDAP) for authentication of SSL Client
users, you must enter information about this server into a screen in the Location form. Complete this
configuration after you have created user accounts on the server.
On the User Remote Access page, click the Configure button for either RADIUS or LDAP in the
External Authentication Servers section to display the appropriate External Authentication screen.
Note: You can capture only one set of information per Location for a RADIUS server and one set of
information for an LDAP server.
RADIUS Authentication
When you click the Configure button to configure a RADIUS Server, the Edit RADIUS Server screen
will appear. Use this screen to capture the settings that the Corente Virtual Services Gateway will use to
contact the RADIUS server on your LAN for authentication of SSL Client users.
Figure 16: RADIUS Server Authentication Settings
RADIUS is an authentication protocol commonly used to provide secure authentication for users. It is
often used to provide centralized authentication, authorization, and accounting.
To configure your Corente Virtual Services Gateway to contact the RADIUS server, complete the
following options and fields:
Enable RADIUS Server: Select this option to enable the RADIUS server.
IP Address: Enter the IP address of the RADIUS server on your LAN. This address must be
included in the Default User Group of this Corente Virtual Services Gateway.
Port: Enter the port number on the RADIUS server that the Corente Virtual Services Gateway
will contact to authenticate remote users. The default port number used will be 1831, but this
number can be changed if the port is already in use.
Secret: Enter the secret that the Corente Virtual Services Gateway will use to authenticate itself
with the RADIUS server.
Confirm Secret: Re-enter the secret you entered in the Secret field to avoid any mistakes.
Timeout: Select the timeout interval for how long the Corente Virtual Services Gateway will wait
for the RADIUS server to respond to its request to authenticate a remote user. You may select
any interval between 1 and 30 seconds. The default interval is 4 seconds.
Retries: Select how many retries the Corente Virtual Services Gateway will attempt in order to
contact the RADIUS server for an authentication. For each attempt, the Corente Virtual Services
Gateway will wait for the interval you have selected with the Timeout option. You may select
between 1 and 10 retries. The default number of retries is 2.
Login Prompt: Enter the login prompt for users.
Password Prompt: Enter the password prompt for users.
Click OK once you have provided the appropriate information.
LDAP Authentication
When you click the Configure button to configure LDAP Server settings, the Edit LDAP Server screen
will be displayed. Use this interface to specify the settings that the Corente Virtual Services Gateway will
use to authenticate remote access users with the Lightweight Directory Access Protocol (LDAP) server
on your LAN.
Figure 17: LDAP Access
LDAP is an open-standard protocol for accessing X.500 directory services. A directory is a specialized
database optimized for reading, browsing and searching. LDAP is used to authenticate users based on
entries in the directory. Corente uses the standard implementation of Open LDAP.
To configure your Corente Virtual Services Gateway to contact the LDAP server, complete the following
fields:
Enable LDAP Server: Select this option to enable the LDAP server.
LDAP Server IP Address or DNS Name: Select the appropriate option and enter either the IP
address or DNS name of the LDAP server on your LAN. This address must be included in the
Default User Group of this Corente Virtual Services Gateway.
LDAP Server Port: Enter the port number on the LDAP server that the Corente Virtual Services
Gateway will contact to authenticate remote users. The default port number used will be 389, but
this number can be changed if the port is already in use.
Backup LDAP Server IP Address or DNS Name: (optional) Select the appropriate option and
enter either the IP address or DNS name of the backup LDAP server on your LAN. This address
must be included in the Default User Group of this Corente Virtual Services Gateway.
Backup LDAP Server Port: (optional) Enter the port number on the backup LDAP server that
the Corente Virtual Services Gateway will contact to authenticate remote users.
User Name: Enter the username that this Corente Virtual Services Gateway will use to log into
the LDAP server in order to authenticate remote users.
Password: Enter the password that this Corente Virtual Services Gateway will use to log into the
LDAP server in order to authenticate remote users.
Timeout: Select the timeout interval for how long the Corente Virtual Services Gateway will wait
for the LDAP server to respond to its request to authenticate a remote user. You may select any
interval between 1 and 30 seconds. The default interval is 4 seconds.
Base: Enter the user name at which to start the directory search. This setting provides controls
on how a query to the LDAP server is performed.
Scope: Select the integer that will indicate the scope of the directory search. Options available in
the pull-down menu are LDAP_SCOPE_BASE, LDAP_SCOPE_ONELEVEL, and
LDAP_SCOPE_SUBTREE. This setting provides controls on how a query to the LDAP server is
performed.
Filter: Enter a filter string for the search. This setting provides controls on how a query to the
LDAP server is performed.
Attributes: Enter the sub-fields that you would like retrieved from the database. Each entry in
this field should be space-separated. This setting provides controls on how a query to the LDAP
server is performed.
Click OK once you have provided the appropriate information.
For more information about any of the fields or options on this screen, refer to the LDAP documentation.
Chapter 10. Configuring SSL Client Access to Partners
By default, SSL Client users are able to access computers on the LAN of the Corente Virtual Services
Gateway that they log into. If you have enabled Partner Access on the SSL Services page for the
Location (see Partner Access, p. 12, and Chapter 6. SSL Services, p. 31), you can allow the SSL Client
users of that Location to connect to the Location’s partners.
SSL Client users will automatically be able to connect to the Corente Client partners of the Location.
However, each of the Location’s Location partners must explicitly allow the Location’s SSL Client users to
access computers within the Default User Group.
Allow SSL Client Access
To allow SSL Client access to partners, perform the following steps.
1. Enable Partner Access on the SSL Services window (via the User Remote Access tab) of the
Location providing the SSL Client interface. This Location is known as the SSL host Location.
2. Click OK to save changes on the Location form for the SSL host Location.
3. Now, choose the SSL host Location’s partner that you would like users to be allowed to access.
Open this Location’s Location form.
4. Access the Partners tab in the Location form, and Edit the partner entry for the SSL Host
Location.
Figure 18: Partners Tab
6. The Add Partner window is displayed. In the Connection Settings section, select Allow Partner
SSL Clients access to LAN.
Figure 19: Add Partner
7. Click the OK button to save your changes to the Location form, and save your changes with the
Save button in the App Net Manager tool bar.
SSL Client users of the SSL host Location will now be able to access computers within the Default User
Group of the Location partner. The NAT settings that were enabled for the SSL host Location on the
partner’s Partner tab will also apply to the SSL Client users.
For security reasons, you cannot use this option to allow SSL Client users of an Extranet Location to
connect to this Location.
III. Configuring Corente Virtual Services Gateways for Use with the SSL Client
Once you have enabled the Allow SSL Client access to the Network option on a Corente Virtual
Services Gateway and configured the other appropriate settings on the Location form, the Gateway
Viewer application must be accessed for that Location in order to install a signed digital certificate. This
certificate will encrypt each user’s session with SSL.
Even if you decide not to provide two-way authentication with client-side certificates and a Location
gateway-side CA certificate, you must install an SSL certificate on the Location gateway. The Gateway
Viewer also includes two interfaces that allow you to view current and historical SSL Client user activity.
SSL Admin
When you access Gateway Viewer, all of the options for SSL are located in the SSL Admin menu.
SSL Admin: This button contains three options. All of these options are password-protected.
SSL Certificate allows you to upload or define a new certificate that will be used to encrypt users' sessions with SSL.
SSL Log allows you to view the history of logins and logouts to this Corente Virtual Services Gateway via the SSL Client.
SSL User Report lists all active SSL Client sessions to this Corente Virtual Services Gateway.
Chapter 1. SSL Certificate
Note: This page will be unavailable until SSL Client access has been enabled to this Corente
Virtual Services Gateway in App Net Manager.
The Corente Gateway SSL Certificate Administration page is used to define and/or upload the
necessary SSL certificates that will be used to encrypt each user’s session with SSL.
Figure 20: SSL Certificate Administration
This screen can be used to access information for three different types of certificates.
SSL Certificate: This certificate is required for the SSL Client. It is the certificate that is used to
encrypt each user’s session with SSL. On this interface, you can generate a Certificate Signing
Request (CSR) to obtain a signed certificate from a trusted Certificate Authority (CA), install a
signed certificate, or create a self-signed certificate.
SSL Certificate Chain: If you have obtained your SSL Certificate from a CA, an intermediate
certificate may need to be installed on the Location gateway when you install the SSL Certificate.
Your CA will inform you if this extra certificate is needed.
CA Client Certificate: If you would like to provide users with two-way authentication for SSL,
you can install a CA certificate on your Location gateway and personal certificates on each user’s
computer.
The installation status of each certificate on your Location gateway will be indicated in the table. To
upload, delete, or change any of these listed certificates, click the Modify button for the appropriate
certificate.
When you click the hyperlink labeled Status at the top of the page, the Corente Gateway SSL
Certificate Administration: Manage Certificate Status screen will be displayed. This screen displays
the last recorded status of the SSL certificates that are installed on your Location gateway. You can use
this screen to determine if a new SSL certificate has been installed correctly on the Location gateway.
Figure 21: SSL Certificate Status
SSL Certificate
The SSL Certificate page is used to define the certificate and private key that will be used to encrypt
each SSL Client session with SSL. The certificate authenticates the Corente Virtual Services Gateway
with each connecting SSL Client. You can create a CSR to send to a trusted CA, upload the digitally-
signed SSL certificate that you have obtained from a CA, or create a new, self-signed certificate. Until a
certificate is installed, the SSL Client will be inaccessible at this Location.
Figure 22: SSL Certificate Administration
It is strongly recommended that you generate a CSR and import the SSL certificate that you obtain
from a trusted CA (such as VeriSign). When obtaining your SSL certificates, it may be useful to note that
the Corente Virtual Services Gateway runs an Apache server with mod_ssl and OpenSSL on Linux.
If an SSL certificate is already in use, the information for that certificate will be displayed in the Installed
SSL Certificate Information section on this interface.
All certificate and private key files used by the Corente Virtual Services Gateway are BASE64 encoded
X.509 format. This format is also called Privacy Enhanced Mail (PEM) format.
If the Corente Virtual Services Gateway Visible DNS Name is changed in App Net Manager, you must
import or create a new certificate for this Location gateway.
Obtaining an SSL Certificate Signed by a CA
To obtain a signed SSL certificate from a trusted CA (such as VeriSign), you will need to generate a
Certificate Signing Request (CSR). Complete the following steps:
1. To generate a CSR for the Location, click the Generate a Certificate Signing Request (CSR)
button. On the Generate Certificate Signing Request (CSR) page that is displayed, fill out any of
the following optional fields:
Valid for: Enter the number of days that this certificate will be valid. When the certificate
expires, you must create or import a new certificate. Users' sessions can still be encrypted
with SSL after certificate expiration, but they will be notified that the certificate has expired
and may not be trustworthy.
Country Name: Enter the two-letter abbreviation for the country in which this certificate is
originating.
State or Province Name: Enter the name of the state or province in which this certificate is
originating.
Locality Name: Enter the name of the city or town in which this certificate is originating.
Organization Name: Enter the name of your company or organization.
Organizational Unit Name: Enter the name of the department of your company or
organization that is providing this certificate.
E-mail Address: Enter the e-mail address for users to contact about this certificate.
Pass Phrase: Enter a pass phrase that will be used to encrypt the private key for this
certificate.
Pass Phrase (again): Re-enter the pass phrase to avoid mistakes.
2. Click the Generate button. A ZIP file will be downloaded to your browser. This ZIP file contains two
files: a Certificate Signing Request (CSR) and the corresponding Private Key (KEY).
3. Unzip this file and send the CSR to a trusted CA such as VeriSign to be digitally signed.
4. When you receive the signed certificate, use the Import SSL Certificate option to upload the
certificate and private key.
If your CA requires that you install an Intermediate Certificate on this Location gateway as well,
use the SSL Chain Certificate page (see SSL Chain Certificate, p. 48).
Install an SSL Certificate on Your Location Gateway
Once you have obtained a signed SSL certificate from a trusted CA (such as VeriSign), install this
certificate on your Location gateway. Complete the following steps:
1. To import an SSL certificate and/or SSL private key file that were signed by a trusted CA (such as
VeriSign), click the Import SSL Certificate button. On the Import SSL Certificate page that is
displayed, enter the following information:
Pathname to SSL certificate file: Enter the complete path and file name of the SSL
certificate that is stored on your system or use the Browse button to locate this certificate.
Pathname to SSL private key file: If a private key is not included in your SSL certificate
file, specify the key file in this field. Enter the complete path and file name of the SSL private
key that is stored on your system or use the Browse button to locate this file.
Pass phrase: If the private key that you are importing is encoded with a pass phrase, enter
this phrase in the field provided.
2. Click Install to save this certificate to the Location gateway. The Location gateway will restart, and
will now encrypt each SSL Client user's session with this certificate and the private key.
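A pre-import check for the files named in the steps above, as an added example (not part of the Corente product or this manual): it inventories the PEM blocks in the certificate and key files and reports what the Import SSL Certificate page would be missing. The function names and the sample blocks are constructed for illustration; the payloads are placeholders, not real certificates or keys.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "DSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
CSR_LABELS = {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"}


def inventory(pem_text):
    """Return one dict per PEM block: label, kind, encrypted, well_formed."""
    blocks = []
    for label, body in PEM_RE.findall(pem_text.replace("\r\n", "\n")):
        headers, payload = "", body
        if ":" in body:
            # ':' is not in the Base64 alphabet, so this block carries
            # RFC 1421-style headers, which end at the first blank line.
            headers, _, payload = body.partition("\n\n")
        legacy_encrypted = "Proc-Type: 4,ENCRYPTED" in headers
        encrypted = legacy_encrypted or label == "ENCRYPTED PRIVATE KEY"
        try:
            der = base64.b64decode("".join(payload.split()), validate=True)
            # Certificates, CSRs and unencrypted or PKCS#8 keys are ASN.1
            # SEQUENCEs (first byte 0x30); a legacy encrypted key is ciphertext.
            well_formed = legacy_encrypted or der[:1] == b"\x30"
        except binascii.Error:
            well_formed = False
        if label == "CERTIFICATE":
            kind = "certificate"
        elif label in CSR_LABELS:
            kind = "csr"
        elif label in KEY_LABELS:
            kind = "private_key"
        else:
            kind = "other"
        blocks.append({"label": label, "kind": kind,
                       "encrypted": encrypted, "well_formed": well_formed})
    return blocks


def import_readiness(cert_file, key_file=None, pass_phrase_given=False):
    """List the problems that would block a clean import; empty means ready."""
    blocks = inventory(cert_file) + (inventory(key_file) if key_file else [])
    kinds = [b["kind"] for b in blocks]
    keys = [b for b in blocks if b["kind"] == "private_key"]
    problems = []
    if any(not b["well_formed"] for b in blocks):
        problems.append("a PEM block is not valid Base64-encoded DER")
    if "certificate" not in kinds:
        detail = ": this is the CSR, not the signed certificate" if "csr" in kinds else ""
        problems.append("no CERTIFICATE block" + detail)
    if not keys:
        problems.append("no private key in either file")
    if any(k["encrypted"] for k in keys) and not pass_phrase_given:
        problems.append("private key is encrypted; a pass phrase is required")
    return problems


def constructed_block(label, der=b"\x30\x03\x02\x01\x00", headers=""):
    """Build a placeholder PEM block (constructed sample data, not a real key)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}-----END {label}-----\n"


# Constructed samples standing in for the files a CA or the CSR ZIP would supply.
SAMPLE_CERT = constructed_block("CERTIFICATE")
SAMPLE_CSR = constructed_block("CERTIFICATE REQUEST")
SAMPLE_KEY = constructed_block("PRIVATE KEY")
SAMPLE_ENCRYPTED_KEY = constructed_block(
    "RSA PRIVATE KEY", b"\x9f" * 16,
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")

if __name__ == "__main__":
    print(import_readiness(SAMPLE_CERT, SAMPLE_ENCRYPTED_KEY))
```

This only checks what the files contain; it does not verify that the private key corresponds to the certificate.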
Create a Self-Signed Certificate
If you do not want to obtain a signed SSL certificate from a trusted CA, you can create a self-signed
certificate on this interface and use it for SSL encryption. Complete the following steps:
1. To create a new, self-signed SSL certificate, click the Create a self-signed SSL Certificate
button. On the Create a Self-Signed SSL Certificate page that is displayed, you can fill out the
following optional fields:
Valid for: Enter the number of days that this certificate will be valid. When the certificate
expires, you must create or import a new certificate. Users' sessions can still be encrypted
with SSL after certificate expiration, but they will be notified that the certificate has expired
and may not be trustworthy.
Country Name: Enter the two-letter abbreviation for the country in which this certificate is
originating.
State or Province Name: Enter the name of the state or province in which this certificate is
originating.
Locality Name: Enter the name of the city or town in which this certificate is originating.
Organization Name: Enter the name of your company or organization.
Organizational Unit Name: Enter the name of the department of your company or
organization that is providing this certificate.
E-mail Address: Enter the e-mail address for users to contact about this certificate.
All of these fields are optional. The information that you enter here will be presented to SSL Client
users when they are asked to accept the certificate to encrypt their session with SSL.
2. When you have entered information in the fields of your choice, click Install to save this certificate
to the Location gateway. The Location gateway will restart, and will now encrypt each user's SSL
Client session with this certificate and a private key. No validation of this information is performed.
Note: If you create a certificate and an SSL Client user immediately attempts to connect to the
Location, the certificate may appear to be expired. This occurs because the time on the
user's computer may be slightly earlier than the time on the Corente Virtual Services
Gateway where the certificate was created and installed. The certificate will appear valid
once the time on the user's computer has passed the time of the certificate's creation.
SSL Chain Certificate
If your CA requires that you install an SSL Chain Certificate (Intermediate Certificate) in addition to the
SSL certificate that the CA has digitally signed, the SSL Certificate Chain page allows you to install this
certificate on your Corente Virtual Services Gateway.
Figure 23: SSL Chain Certificate Administration
Your CA may distribute an SSL Chain Certificate to you along with the signed SSL Certificate. Installing
both of these certificates creates a hierarchical SSL certificate chain for validation.
The purpose of this chain is to provide a replacement for the CA’s root certificate. Certain CAs do not
want to distribute their root certificate to you. SSL validation through the chain is accomplished first by
validating the SSL Certificate through the SSL Chain Certificate, and then through the corresponding root
certificate that is owned by the CA (and not installed on your Location gateway).
Remember that your CA will inform you if an SSL Chain Certificate is needed. To install the certificate,
complete the following steps:
1. Click the IMPORT SSL Chain Certificate button to install the SSL Chain Certificate. On the
Import SSL Chain Certificate page that is displayed, enter the complete path and file name of the
SSL Chain certificate that is stored on your system or use the Browse button to locate this
certificate.
2. Click the Install button. The SSL Services provided by this Location gateway will be momentarily
disrupted while the server is restarted.
To delete this certificate so that you can install a new one, click the Delete button on the main SSL
Chain Certificate page.
CA Client Certificate
If you are providing two-way digital certificate authentication between the Corente Virtual Services
Gateway and its SSL Client users, you must install a CA certificate on this Corente Virtual Services
Gateway in addition to the SSL certificate. This CA Certificate can be self-signed or obtained from a
trusted CA such as VeriSign (recommended).
Figure 24: CA Client Certificate Administration
The CA Client Certificate page allows you to install a CA Certificate on your Location gateway.
To install a CA Client Certificate, complete the following steps:
1. Click the IMPORT CA Client Certificate button to install the CA Client Certificate. On the Import
CA Client Certificate page that is displayed, enter the complete path and file name of the CA
Client Certificate that is stored on your system or use the Browse button to locate this certificate.
2. Click the Install button. The SSL Services provided by this Location will be momentarily disrupted
while the server is restarted.
Only one CA certificate may be installed on a Location gateway at a time. Information about this
certificate will appear on the CA Client Certificate page.
To delete this certificate so that you can install a new one, click the Delete button on the main CA
Client Certificate page.
Two-way authentication also requires personal certificates to be imported into the browser of each SSL
client. (These certificates can also be obtained from a trusted CA). The certificates imported into the
client browsers may be in different formats than the Location certificates (i.e., PKCS12).
Additionally, the Require Client Certificate option must be selected on the User Remote Access tab of
the Location form for this Corente Virtual Services Gateway. For more information about enabling this
option, refer to Chapter 5. Configuring SSL Client Access to a LAN (p. 26).
Chapter 2. SSL Log
Note: This page will be unavailable until SSL Client access has been enabled to this Corente
Virtual Services Gateway in App Net Manager.
The Corente Gateway SSL Log page allows you to view the history (up to five days) of logins and
logouts to this Corente Virtual Services Gateway via the SSL Client.
Figure 25: SSL Log
Each entry in this log will present the date and time, the user name that was entered, the IP address of
the computer, and one of the following potential statuses:
Authenticate: The user successfully logged into the SSL Client.
timed out: The SSL Client was left idle by the user and the session expired.
session terminated: The user successfully logged out of the SSL Client.
authentication failure: The login attempt failed due to incorrect user name or password.
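One way to review these entries for repeated failed logins, as an added example (not a Corente tool and not from this manual). The manual lists the fields of each entry but not the text layout, so the line format "date time user IP status", the thresholds, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Status strings exactly as listed in the manual.
STATUSES = ("Authenticate", "timed out", "session terminated",
            "authentication failure")
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<ip>\S+)\s+(?P<status>" + "|".join(map(re.escape, STATUSES)) + r")\s*$")


def parse_line(line):
    """Parse one entry in the assumed layout; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, m.group("user"), m.group("ip"), m.group("status")


def analyze(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag source addresses with `threshold` failures inside `window`,
    and any successful login that follows such a burst from the same address."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    in_burst = set()              # addresses already reported for a burst
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        ts, user, ip, status = entry
        failures = recent[ip]
        while failures and ts - failures[0][0] > window:
            failures.popleft()    # drop failures that fell out of the window
        if len(failures) < threshold:
            in_burst.discard(ip)
        if status == "authentication failure":
            failures.append((ts, user))
            if len(failures) >= threshold and ip not in in_burst:
                in_burst.add(ip)
                users = sorted({u for _, u in failures})
                findings.append(("failure-burst", ip, users, ts))
        elif status == "Authenticate" and ip in in_burst:
            findings.append(("login-after-burst", ip, [user], ts))
            failures.clear()
            in_burst.discard(ip)
    return findings


# Constructed sample entries (documentation address ranges, invented users).
SAMPLE_LOG = """\
2014-03-02 09:14:01 admin 203.0.113.7 authentication failure
2014-03-02 09:14:09 root 203.0.113.7 authentication failure
2014-03-02 09:14:20 jsmith 203.0.113.7 authentication failure
2014-03-02 09:14:31 jsmith 203.0.113.7 authentication failure
2014-03-02 09:15:02 mlee 198.51.100.20 authentication failure
2014-03-02 09:15:10 jsmith 203.0.113.7 authentication failure
2014-03-02 09:15:30 mlee 198.51.100.20 Authenticate
2014-03-02 09:15:44 jsmith 203.0.113.7 Authenticate
2014-03-02 09:40:00 mlee 198.51.100.20 session terminated
""".splitlines()

if __name__ == "__main__":
    for kind, ip, users, ts in analyze(SAMPLE_LOG):
        print(ts, kind, ip, ",".join(users))
```

Because the SSL Log keeps at most five days of history, a review like this has to run at least that often or work from exported copies.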
Chapter 3. SSL User Report
Note: This page will be unavailable until SSL Client access has been enabled to this Corente
Virtual Services Gateway in App Net Manager.
The Corente Gateway SSL User Report page lists all active SSL Client sessions to this Corente Virtual
Services Gateway. This interface is useful for keeping track of the users that are currently accessing the
Corente Virtual Services Gateway.
Figure 26: SSL User Report
Each entry provides the following information:
User ID: The user name of the SSL Client user.
Source Address: The IP address of the computer connecting via the SSL Client.
Session Duration (HH:MM:SS): The total duration of the current SSL Client session.
Additionally, the total number of current users is displayed at the top of the Active SSL Users section.
IV. Using the SSL Client
This chapter contains information that details how to use the SSL Client. Similar information is provided
to users in the help file that is accessible in this interface.
Chapter 1. Supply Users with Login Information
After you have enabled the SSL Client on a Corente Virtual Services Gateway, granted permissions to
SSL Client users of this Location, and installed an SSL Certificate on this Location gateway, you must
supply each of the users with the following:
the login information that you have created for that user (username/password, RADIUS, or LDAP
login information)
the Visible DNS Name that you have chosen for the Location(s) and the port number (if
applicable) that they will access
the appropriate permissions for the usernames and passwords on the servers that they will
access on the LAN
instructions for configuring their email program to access and send messages over SSL
Additionally, you should make sure that each remote user can connect to the SSL Client with the Visible
DNS Name of the Location. If this DNS name will not be available via a public DNS server, you should add
this name to the DNS server at each remote user's location or add an entry to the hosts file of each
user's computer so that this name can be resolved.
For an email template that can be used to supply users with this necessary information, refer to VI.
Appendix: Template for Email to New Users (p. 95).
Chapter 2. Logging In
The SSL Client uses SSL encryption for secure access to the Corente Virtual Services Gateway. When a
user opens the SSL Client by typing https:// and the Visible DNS Name of the Location into their web
browsers (and the SSL Port number, if applicable—see Chapter 5. Configuring SSL Client Access to a
LAN, p. 26), the user may be asked to accept a certificate if the browser does not recognize the
certificate’s source. This certificate has been provided by you via the SSL Certificate interface in the
Gateway Viewer application (see Chapter 1. SSL Certificate, p. 44). The user should confirm the
information that is presented about this certificate and accept it to provide SSL encryption to the Location
gateway.
Additionally, users will be asked to validate a signed applet from Corente during the initial login if you
have enabled certain services for them on the SSL Client Services page (see Chapter 6. SSL Services,
p. 31). Corente provides the ability to use certain services via this Java applet. The user should verify the
information that is presented and accept the applet.
Note: If the user is using Internet Explorer 7.0 or later, the user will be alerted that the certificate
does not appear to be valid. The user should select Continue Anyway to access the SSL Client.
Homepage
By default, the SSL Client displays a blank homepage upon login. If you have configured another
homepage for users on the Location form, this homepage will be displayed instead (see Chapter 7.
System Homepage and Bookmarks, p. 33, for more information).
Figure 27: SSL Client Default Homepage
Other areas in the application are accessible via buttons displayed across the top of the browser window.
Session Expiration
The session will expire if the user leaves the SSL Client window idle, depending on the session timeout
that you have specified (see Chapter 5. Configuring SSL Client Access to a LAN, p. 26). If the session
expires, the user should simply log in again to continue using the SSL Client.
Chapter 3. Browse Web Pages
The SSL Client can be used for secure access to websites within your corporate intranet.
Accessing Web Sites
There are two methods to access a web site via the SSL Client:
In the field labeled Browse, type the URL of the web site. Click Go.
Figure 28: Browse field
While still logged into the SSL Client, the user can type an address directly in the address bar of
the web browser. However, to access the web site, the address must be constructed in the
following way so that the request is routed through the Corente Virtual Services Gateway:
https:// + Location DNS name + /t/ + http:// + website address
Therefore, if a user is accessing http://finances.miami.com via a Corente Virtual Services
Gateway with the DNS name of miami.acme.com:
https://miami.acme.com/t/http://finances.acme.com
System Bookmarks
If you have configured special bookmarks for users on the System Homepage and Bookmarks screen
in the Location form (see Chapter 7. System Homepage and Bookmarks, p. 33), these bookmarks will
appear in the Bookmarks pull-down menu for each SSL Client user. To access the URL of a bookmark,
users must simply select the appropriate bookmark from the menu.
Figure 29: Select a Bookmark
Users can also create their own personal bookmarks that will appear in this menu. For more information,
refer to Creating New Personal Bookmarks (p. 74).
Pages That Cannot Be Accessed
To provide secure browsing of intranet websites, the SSL Client identifies any non-secure URLs that the
user accesses and rewrites them into secure URLs. The Corente SSL Rewrite Engine looks at each
return page and rewrites the URLs on the page to the URL of the secure SSL host. This occurs for
private URLs as well as public URLs. (Note that while it is possible to access public web pages via the
SSL Client, users are recommended to open a new browser window that is not logged in and access
public web pages outside of the SSL Client.)
There are certain cases when the rewrite engine cannot rewrite a page. Users may not be able to access
pages via the SSL Client that use the following:
Ill-formed HTML pages
If there are mistakes in the HTML of the web page, the rewrite engine may fail to rewrite the
URL. This may result in:
Pop-up windows warning that the browser is switching to a non-secure site
The page is displayed as broken, with missing icons or text
Client-side scripts
This includes such scripts as Visual Basic Script (VBScript), Java applets, and certain
JavaScripts. Attempting to access a site that uses these scripts may result in:
Pop-up windows warning that the browser is switching to a non-secure site
The page is displayed as broken, with missing icons or text
Plug-ins (Shockwave, Flash, etc.)
If the user inputs a URL via a plug-in such as Shockwave or Flash, the rewrite engine will have
no knowledge of these URL parameters and therefore will not try to rewrite them when the URL
loads. The plug-in objects will try to access the file outside of the SSL Client. This may cause the
browser to seem like it never finished rendering the page or loading the file.
Client-side cookies
Extended Stylesheet Translation Language (XSTL)
Pages that are larger than 150,000 bytes
Due to memory constraints, files that are larger than 150,000 bytes will be loaded into the user’s
browser without SSL encryption.
Generally, if the user is attempting to load an intranet web page that contains any of these, the page will
be inaccessible from a remote location. If the user is attempting to load a public web page, the page will
be sent to the browser outside of the SSL Client.
Additionally, if there is a problem (such as a script error) caused by the SSL Client tool bar that displays
in a frame across the top of the window, the user can display pages without the frame by typing the
modified SSL URL directly in the address bar of the web browser (see Accessing Web Sites, p. 57, for
information on how to form this URL). The user can also try displaying the page in another type of
browser (such as Netscape) to see if the browser was causing the errors.
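The rewriting behaviour described in this section, sketched as an added example (not Corente's rewrite engine and not code from this manual): a small Python link rewriter that maps URLs to the https:// + Location DNS name + /t/ form and reports the URLs a browser would still request directly. The set of rewritten attributes, the handling of pages over 150,000 bytes as passed through unmodified, and the sample page are assumptions.

```python
import html
import re
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urljoin

GATEWAY = "miami.acme.com"        # Location DNS name from the manual's example
MAX_REWRITE_BYTES = 150_000       # size limit stated in the manual
URL_ATTRS = {"href", "src", "action"}   # assumption: attributes worth rewriting
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

Result = namedtuple("Result", "html rewritten direct")


def to_gateway_url(url, gateway=GATEWAY):
    """Build https:// + Location DNS name + /t/ + original URL."""
    return f"https://{gateway}/t/{url}"


class LinkRewriter(HTMLParser):
    """Re-emit a page, rewriting URL attributes to go through the gateway."""

    def __init__(self, base_url, gateway=GATEWAY):
        super().__init__(convert_charrefs=False)
        self.base_url, self.gateway = base_url, gateway
        self.out, self.rewritten = [], []

    def _tag(self, tag, attrs, end=""):
        parts = [tag]
        for name, value in attrs:
            if value is None:                 # bare attribute such as "disabled"
                parts.append(name)
                continue
            if name in URL_ATTRS:
                absolute = urljoin(self.base_url, value)
                via_gateway = absolute.startswith(f"https://{self.gateway}/t/")
                if absolute.startswith(("http://", "https://")) and not via_gateway:
                    self.rewritten.append(absolute)
                    value = to_gateway_url(absolute, self.gateway)
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + end + ">")

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Script bodies arrive here as opaque text: URLs that a script
        # assembles at run time are never seen as attributes.
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def rewrite_page(page, base_url, gateway=GATEWAY):
    """Rewrite a page and list the URLs that still bypass the gateway."""
    if len(page.encode("utf-8")) > MAX_REWRITE_BYTES:
        out, rewritten = page, []             # oversized: passed through as-is
    else:
        parser = LinkRewriter(base_url, gateway)
        parser.feed(page)
        parser.close()
        out, rewritten = "".join(parser.out), parser.rewritten
    prefix = f"https://{gateway}/t/"
    direct = [u for u in URL_RE.findall(out) if not u.startswith(prefix)]
    return Result(out, rewritten, direct)


# Constructed sample page for an intranet site behind the gateway.
SAMPLE_PAGE = """<html><body>
<a href="/reports/q3.html">Q3 report</a>
<a href="mailto:help@acme.com">Help</a>
<img src="http://finances.acme.com/logo.png">
<script>var next = "http://finances.acme.com/export?id=" + docId; window.open(next);</script>
</body></html>"""

if __name__ == "__main__":
    result = rewrite_page(SAMPLE_PAGE, "http://finances.acme.com/index.html")
    print("rewritten:", result.rewritten)
    print("still direct:", result.direct)
```

Running a check like the `direct` list against intranet pages before publishing them to SSL Client users shows which links would trigger the non-secure warnings or broken pages listed above.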
Applets and Plug-Ins on Web Pages
Even though a user’s browser is able to access an intranet web page over SSL, this does not guarantee
that any applets or plug-ins on the web page will be routed through SSL correctly. If you would like any
applets or plug-ins on pages that SSL Client users will access to be routed correctly over SSL, you must
make sure that the applets are configured to route to localhost. This will ensure that requests made to the
applet or plug-in will be routed via the Corente Virtual Services Gateway and then proxied to the correct
server on the Location gateway’s LAN. For more information on how the SSL Client routes traffic to the
Corente Virtual Services Gateway, refer to Configuring Custom SSL Services (p. 16).
Chapter 4. Browse File
The Browse File interface allows the user to browse the contents of remote networks via a web browser.
If you have not enabled File Browsing for the SSL Client on this Location or for a user group, users will
receive an error message when they attempt to access this page (see Chapter 6. SSL Services, p. 31, for
information on enabling services for users).
Note: The SSL Client does not support file browsing on Windows Vista servers.
Corente Network Access Permissions
The initial Browse File page that is displayed will vary for users depending on whether or not you have
enabled Partner Access for them (see Partner Access, p. 12, and Chapter 10. Configuring SSL Client
Access to Partners, p. 41). The Partner Access service allows the SSL Client users to access the
partners of their host Location.
If you have enabled Partner Access for users, the initial Browse File page will display for them
as shown below. The users will have access to their host Location’s partners.
Figure 30: Browse File (Partner Access)
All Corente Virtual Services Gateways and Corente Clients that the user has been given
permission to access will appear on this interface. The Corente Virtual Services Gateway to
which the user has connected will be highlighted in gray.
Click on the link for a Location. The computers that are accessible to the user on
the Location’s network will be displayed on a new screen. For an example of how each
Location’s network is displayed, see Figure 22.
Click on the link for a client to browse its shared resources.
If you have not enabled Partner Access for users, the initial Browse File page will display for
them as shown in Figure 22. The users will only be able to access computers on their host
Location’s LAN.
Figure 34: Browse File (no Partner Access)
Windows servers and non-Windows machines running as SMB servers (e.g., Samba) within the
remote network will be displayed with hyperlinks. Computers with hyperlinks will be listed before
the computers without hyperlinks. A machine whose name is not known, e.g., it does not register
in DNS, will be listed by its IP address at the end of the list.
Browse File can only be used to browse files on servers that are listed with hyperlinks.
Logging Into Servers
The user’s web browser will serve as the client that sends all requests to the remote server. This means
that authentication to remote servers will be independent of the user’s SSL Client login or the login that
the user uses to access the local machine.
Depending on each server's configuration, the user may be requested to log in when trying to access a
server or a share resource on the server. After login, access permission to shared folders and files is
based on the privileges that the user has been permitted on that server.
Figure 35: Login Request for Server
Login to the remote servers is persistent. It will be valid for multiple SSL Client sessions, as long as the
server's configuration does not change. As long as the user successfully logs into a server once, the user
can repeatedly connect to the same server without having to log in again, even after logging out of this
SSL Client session and starting a new session.
Some servers allow a user to make a connection without a login (i.e., you can connect as an anonymous
user). Nevertheless, an anonymous user may have very limited access permission. The Login button
can be used to explicitly log in to such a server as a valid user. This button is available in the upper right
corner of the page that lists the share resources on a server. Additionally, the user can use the Login
button at any time to change the existing login that is currently being used for a server. If the second login
is successful, the new username and password will be used to connect to the server thereafter, until the
user requests to log in again.
Browsing Servers
To browse the contents of a server, the user will simply click the hyperlink of the server and login (if
required). The share resources on this server will be listed in the browser window. The user can click on
a share to view its contents.
Figure 36: Shared Folders on Remote Server
If the user clicks on a folder, the contents of the folder will be listed and the folder will become the current
directory.
Figure 37: Contents of Remote Share
By default, the list of files and folders in a directory will be sorted alphabetically by Name, but the user
can click on any of the headings to sort the list by Size, Type, or Date Modified. Folders will always be
listed before files.
The name of the current directory is always displayed as the title of the page at top of the browser
window. To return to a previous directory, the user can click on that directory's name in the current title.
The user can also use the Back folder icon at the top of the page to return to the directory that is
immediately previous to the current directory. To select a new server to explore, click Browse File again
to return to the main Browse File interface.
Figure 38: Returning to a Previous Directory
Note: Computers that have been disconnected from the network will not be removed from the
server list for 30 to 45 minutes. If the user attempts to connect to a server that has just
disconnected, the user may receive an error message indicating that the computer is not
available. If this occurs, the user can simply try to connect to the server at a later time.
Downloading Files
The user can open a file within a folder by clicking a file name. Depending on the browser and file type,
the browser may automatically open the file using the appropriate application (e.g., Acrobat Reader for a
.pdf file), or the user may be prompted for further action.
If the user right-clicks the file name, other actions for use with the file will be presented, such as opening
the file in a new window or saving the file to the local disk.
Notes:
If a user clicks a file name and the file does not open, the user should try opening the file in a
new window.
If the user opens a file in the browser window and receives a Security Alert indicating that
the Certificate Issuer for the site is untrusted or unknown, the user should view the certificate
to verify its information and accept it in order to proceed. To avoid the alert in the future, the
user can install the certificate in the browser and add it to the root store.
If the user opens a file in the browser window, the user’s session may expire while the user
is reading the file. This occurs because the SSL Client interface has been left idle. The
session timeout value that you have set controls how long the interface can be left idle
before the user is automatically logged out. If this occurs, the user should simply re-login to
the SSL Client to continue using it.
Uploading Files
To upload a file onto the server, browse to the directory on the server where the file should be uploaded.
Click the Upload button on the upper right corner of the window. A new interface will be displayed for
uploading files.
Type the path and name of the file that is being uploaded in the field labeled File Name or use the
Browse button to browse for the file on the system. Then, in the field labeled Save As, type the name to
save this file as on the server. Click the Submit button.
If the user has the appropriate permissions on the server and the operation is successful, the contents of
the current directory (including the new uploaded file) will be displayed. Otherwise, an error message
describing the problem will be displayed.
The user can click the Reset button to delete any text that has been entered in the fields on this
interface.
Note: If the user is uploading a file and it is taking a long time (e.g., the user is uploading a large
file via a slow connection), the user’s session may expire after the file transfer has been
completed. This depends on the session timeout value that you have set on the User
Remote Access tab of the Location form for this Location.
If this occurs, the user should simply re-login to the SSL Client to continue using it. The file
should have been successfully uploaded.
Creating New Folders
To create a new folder on the server, browse to the directory where the new folder should be added.
Click the New button on the upper right corner of the window. On the interface that is displayed, type a
name for the folder that is being created in the field labeled New Folder. Click Submit.
If the user has the appropriate permissions on the server and the operation is successful, the contents of
the current directory (including the new folder) will be displayed. Otherwise, an error message describing
the problem will be displayed.
The user can click the Reset button to delete any text that has been entered in the field on this interface.
Deleting Files and Folders
To delete a folder or file, browse to the directory on the server where the folder/file that should be deleted
is located. Click the Delete button on the upper right corner of the window. A new interface will be
displayed that presents a checkbox beside each folder and file name located within this directory. Select
the checkbox of the item(s) that are being deleted and click the Submit button.
If the user has the appropriate permissions on the server and the operation is successful, the contents of
the current directory will be updated. Otherwise, an error message describing the problem will be
displayed.
While choosing items to delete, the user can click the Reset button to deselect the items that have been
chosen.
Chapter 5. Browse File – Shortcuts
If there are shared folders on servers within your company's Corente network that a user accesses often,
the user can save these shares on the Shortcuts page. Shortcuts displays a user's favorite shares on a
single page to save time each time that the user needs to access these shares.
Figure 39: Shortcuts
Adding Shortcuts
To add a shared folder to a Shortcuts page, browse to the server where the shared folder is located.
Click the Add button in the upper right corner of the window. A new page will be displayed that presents
a checkbox beside each shared folder name that is located on this server.
Figure 40: Add Shortcuts
Select the checkbox of the shared folders to add and click the Submit button.
The Reset button will clear any checkboxes that have been selected. The Cancel button will return to the
previous page without saving any selections.
A list of Shortcuts is persistent and valid across multiple SSL sessions. It is stored centrally, and is
therefore available from any computer that is used by a user to log into the SSL Client. A share will stay in
the Shortcuts list until it is explicitly deleted.
Accessing Shortcuts
To access the Shortcuts page, a Shortcuts link is available on the main page of Browse File as well as
on the subsequent pages that list the servers on each local Corente network. When the link for a server
is clicked, a Shortcuts button will be displayed on the server page that will also open the Shortcuts
page.
The Shortcuts page displays all of the shared files that have been saved as Shortcuts by a user.
Because different servers can have the same shared folder names, the name of the server that provides
the share is listed in the Comment field. The list is sorted alphabetically by server name.
Click on the link for any Shortcut to display a page that lists the shared resources in that shared folder.
Deleting Shortcuts
To remove a shared folder from the Shortcuts page, click the Delete button on the upper right corner of
the Shortcuts page. A new page will be displayed that presents a checkbox beside each shared folder
name that was added to the Shortcuts page. To avoid confusion, as shares on different servers can
have the same name, each shared folder will also list the server on which it is located. Select the
checkbox of the shared folder(s) to remove from the Shortcuts page and click the Submit button.
The Reset button will clear any checkboxes that have been selected. The Cancel button will return to the
previous page without deleting any selections.
Chapter 6. Services
The SSL Services interface allows users to view the services that you have enabled for them on the SSL
Services window of the Location form for this Location (see Chapter 6. SSL Services, p. 31).
When accessing any of these services using another program, the user should leave the browser window
open so that requests are correctly routed via the Corente Applet and SSL. If the session expires, the
user should re-login and repeat the request with the program.
Tip: If File Browsing is enabled, users can use the Browse File interface to view the DNS/WINS
names or IP addresses of the computers that can be accessed with any service provided by
the SSL Client.
Figure 41: SSL Services
Viewing the Services
The SSL Services interface displays the services that are currently enabled for the user.
Service Name: This is the name of the service.
Service Status: This indicates whether or not the service has been enabled for you by your
network administrator.
Listening Port: If the service is enabled for the user, this is the port number on the server
providing this service that will handle requests from the user. The port number will be shown only
if it applies for this service (for example, a port number does not apply for the Local Web
Browsing (HTTP) or File Browsing services.)
Using the Services
Each default service available via the Services screen is described in Chapter 2. Pre-Configured SSL
Services (p. 10). If you create custom services for users (see Configuring Custom SSL Services, p. 16),
they will be listed on this screen as well. You must inform your users how to use custom services and
provide software for the particular service (if necessary).
To use a service listed on this interface, the user must sign into the SSL Client (leaving the browser
window open) and launch the program that uses this service from the desktop. To route requests from
this program via the SSL Client, the user must initially connect to localhost and the Listening Port
number that is specified for this service on the Services page. By connecting to localhost, the user
connects first to the Corente Applet, which connects to the Corente Virtual Services Gateway at the
remote site, which will in turn route all of the requests from the program to the appropriate server on its
LAN.
This method must be used if there is no hyperlink available for this service. When a hyperlink is available,
the user can use the Host Properties dialog box to launch a program.
Host Properties Dialog Box
When a hyperlink is provided for a service, users can launch this service directly from the SSL Client
interface by clicking the hyperlink. A Host Properties dialog box will be displayed that allows the user to
connect to a specified IP address or DNS name. When connecting to a remote machine by its DNS
name, remind users to type "//" before the DNS name.
Figure 42: Host Properties Dialog Box
If the user would like to connect to a machine to which he has connected previously, a history of the last
10 machines that have been used to access the particular service can be displayed by clicking the
History button. The user can simply select a machine from this list and click Open.
If a user would like to configure the Host Properties dialog box to connect using software other than the
default software for a service, click the Advanced button.
Figure 43: Host Properties Dialog Box – Advanced
The Advanced preferences allow the user to choose the program that will be launched when he enters
a WINS/DNS name or IP address and clicks Open to access a remote computer with the service. Select
the Use Custom Application option to specify the new program.
In the field below this option, enter a command line string that will open the program for this service. The
text that is entered in this field is persistent and will be saved over multiple SSL Client sessions, until it is
changed again by the user.
Figure 44: Host Properties Dialog Box – Advanced – Use Custom Application
To create a command line string to open a program, follow these steps:
1. Start with the full pathname to the executable (for example, if opening the TeraTerm SSH program
when it is stored in the Program Files folder on C:, c:\program files\ttermpro\ttssh).
2. Include any options that the command requires (for example, -ssh hostname.domain:22, where
-ssh instructs the TeraTerm program to use SSH to secure the connection and
hostname.domain:22 instructs the program to access the remote machine by using a specific
hostname and domain, on port 22). Note that the command line string must always explicitly
supply the hostname/IP and port address.
3. Replace the hostname/IP with #HOST# and the port number with #PORT# (for example,
c:\program files\ttermpro\ttssh -ssh hostname.domain:22 becomes c:\program files\ttermpro\ttssh
-ssh #HOST#:#PORT#), where #HOST#:#PORT# informs the program that input is needed for
certain variables (it will use the port number settings that your administrator has set for VNC, and
the IP address that is entered in the Open a connection to field).
The SSL Client can supply the value for the following variables in the command line string:
#HOST#, #PORT#, #REMOTE_HOST#, and #REMOTE_PORT#. All variables must be surrounded
by the pound sign (#). If you specify another variable in the string, you will be prompted to input the
value for this variable as the connection is made.
4. Surround the command line string in quotation marks (") if any directories or files within the
pathname contain space(s) (for example, because the program is stored in the Program Files
folder, you would enter "c:\program files\ttermpro\ttssh -ssh #HOST#:#PORT#").
Note: If the command is incorrect or the program not found, when the user clicks Open to open the
program, the user will be re-prompted with the Host Properties dialog box and must click the
Advanced button again to correct the command line string.
Remember that the command line string placed in the Use Custom Application field will be run on the
system with the permissions that are granted to the local system login. Make sure the user understands
the command line string that is created and the program that is being launched, so that the proper
outcome will be produced. In general, if the user does not understand how to form the string, the user
should not use the Advanced preferences to open the program.
Corente provides default software for VNC, telnet, and SSH. When using a custom service, the Use
Custom Application option will be selected by default and cannot be unselected. The user must supply
a command line string if he would like to open the program directly from the SSL Client interface.
Command Line Strings for Specific Programs
The following are examples of command line strings for default services provided by the SSL Client. In
general, it is a good idea to install the software that will be used with the SSL Client in the Program Files
folder of the system so that the command line strings are simple to form.
VNC Viewer software for Desktop Access: If the user downloads the VNC viewer software
only (and not the server software), there is no installation process to load it onto the system. The
user may want to move the program to c:\program files\realvnc\vncviewer.exe, so that the
following example command line string can be used to open the program: "c:\program
files\realvnc\vncviewer" #HOST#:#PORT#.
TeraTerm software for Telnet: If the user uses TeraTerm for telnet and installs the program in
the Program Files folder, an example of the command line string used to open the program
would be: "c:\program files\ttermpro\ttermpro" #HOST#:#PORT#.
TeraTerm software for SSH: If the user uses TeraTerm for SSH and installs both the program
and the SSH component in the Program Files folder, an example of a string that can be entered
in this field is: "c:\program files\ttermpro\ttssh" -ssh #HOST#:#PORT#.
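The rules in steps 1 to 4 above, together with the reminder that the string runs with the permissions of the local system login, can be checked before a string is saved or expanded. The following Python is an added example, not Corente code: the function names, the hostname pattern and the deny-list of unsafe characters are assumptions made for illustration, and the sample strings are the ones shown in this chapter.

```python
import ipaddress
import re

# Variables the manual says the SSL Client supplies itself.
SUPPLIED = {"HOST", "PORT", "REMOTE_HOST", "REMOTE_PORT"}
VAR_RE = re.compile(r"#([A-Za-z_][A-Za-z0-9_]*)#")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*$")
# Assumed deny-list: characters that a Windows command line may treat specially.
UNSAFE = set('"&|<>^%`\r\n')


def audit_template(template):
    """Return a list of problems found in a Use Custom Application string."""
    findings = []
    names = VAR_RE.findall(template)
    # Anything left containing '#' after removing well-formed variables is a typo.
    if "#" in VAR_RE.sub("", template):
        findings.append("stray '#': every variable needs a pound sign on both sides")
    if not {"HOST", "REMOTE_HOST"} & set(names):
        findings.append("no host variable: the string must supply the hostname/IP")
    if not {"PORT", "REMOTE_PORT"} & set(names):
        findings.append("no port variable: the string must supply the port")
    for name in sorted(set(names) - SUPPLIED):
        findings.append(f"#{name}# is not supplied by the client: the user will be prompted")
    # Text before the first option or variable is treated as the program path.
    head = re.split(r"\s+(?=[-/#])", template.strip(), maxsplit=1)[0]
    if not head.startswith('"') and " " in head:
        findings.append("program path contains spaces but is not quoted")
    return findings


def check_value(name, value):
    """Validate one substituted value; raise ValueError if it is unsuitable."""
    value = str(value)
    if name in ("PORT", "REMOTE_PORT"):
        if not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
            raise ValueError(f"{name}: not a TCP port: {value!r}")
    elif name in ("HOST", "REMOTE_HOST"):
        try:
            ipaddress.ip_address(value)
        except ValueError:
            if not HOSTNAME_RE.match(value):
                raise ValueError(f"{name}: not a hostname or IP address: {value!r}")
    elif not value or UNSAFE & set(value):
        # Prompted (user-defined) variables: refuse empty or special characters.
        raise ValueError(f"{name}: unsafe or empty value {value!r}")
    return value


def expand_template(template, values):
    """Substitute #NAME# variables after validating each value."""
    def repl(match):
        name = match.group(1)
        if name not in values:
            raise ValueError(f"no value for #{name}#")
        return check_value(name, values[name])
    return VAR_RE.sub(repl, template)


if __name__ == "__main__":
    samples = [
        r'"c:\program files\ttermpro\ttssh" -ssh #HOST#:#PORT#',   # from this chapter
        r'c:\program files\ttermpro\ttssh -ssh #HOST#:#PORT#',     # step 3, before quoting
        r'"c:\program files\realvnc\vncviewer" #HOST#:PORT#',      # constructed typo
    ]
    for s in samples:
        print(s, "->", audit_template(s) or "ok")
    # Constructed values: localhost and a sample Listening Port.
    print(expand_template(samples[0], {"HOST": "localhost", "PORT": 2222}))
```
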
Accessing Email via the SSL Client
The SSL Client can be used to retrieve email from an SMTP, IMAP, and/or POP3 mail server on the
remote network. The chapter titled V. Configuring Email Programs for use with the SSL Client (p. 76)
contains step-by-step procedures for configuring three popular email programs for use with the SSL
Client.
When accessing email with an email program, the user should leave the browser window open so that
email requests are correctly routed via SSL. If the session expires, the user should re-login and repeat
the email request.
If users configure their email programs to automatically check for new messages from the mail server,
they should make sure that the interval for checking for messages is less than the session timeout period
that you have administered for the SSL Client (see Chapter 5. Configuring SSL Client Access to a LAN,
p. 26).
In general, users’ email programs should be configured to retrieve email via:
Protocol: either IMAP, POP3, and/or SMTP
IP Address: localhost
Port Number: the Listening Port number of the protocol
The email programs should be configured to send email via:
Protocol: SMTP
IP Address: localhost
Port Number: the SMTP Listening Port number
Chapter 7. User Preferences
The User Preferences interface allows users to create their own intranet web site bookmarks for
facilitated browsing and (if applicable) change their SSL Client password.
Figure 45: User Preferences
Changing a Password
If you have enabled Local Authentication for users (see Chapter 3. Creating SSL Client Accounts for
Users, p. 19), the Change Password page will be available. Users will not be able to change their
password via the SSL Client when External Authentication is used. If you have configured both a
Corente Client account and an SSL Client account for this user using the same username and password,
this interface will change the password for the SSL Client account only.
Figure 46: Change Password
The Change Password page allows the user to change the password for his/her SSL Client account.
Old Password: For verification purposes, type the current password in this field.
New Password: Type a new password in this field. The required length of the password will vary
depending on how certain settings have been configured by your administrator, but it must contain
at least one each of the following:
one numeric character
one uppercase letter
one lowercase letter
Confirm New Password: To avoid mistakes, type the new password again in this field.
Click Change to save changes to the password. The Reset button will clear any text that has been
entered into the fields on this page.
Bookmarks
The Bookmarks page will display all of the intranet web page bookmarks that have been saved for an
account.
Figure 47: Bookmarks
The Personal Bookmarks section displays all of the bookmarks that have been created by that user. For
more information on how users can create new bookmarks, refer to the Creating New Personal
Bookmarks section below.
If you have configured bookmarks for users (see Chapter 7. System Homepage and Bookmarks, p. 33),
these bookmarks will appear in the System Bookmarks section.
Users can access any of the bookmarks on this screen by clicking the appropriate bookmark's link.
These bookmarks are also available on the Bookmarks pull-down menu that is available on all pages of
the SSL Client.
Creating New Personal Bookmarks
If users access the same intranet web sites repeatedly via the SSL Client that you have not saved for
them as System Bookmarks, they can create their own bookmarks on this interface and save them for
future use.
To define a new bookmark, complete the following steps:
1. Click the link labeled Enter New Bookmark. The Bookmark Entry interface will be displayed.
Figure 48: Enter New Bookmark
2. Enter a name for the new bookmark in the field labeled Bookmark Name and an http address in
the field labeled URL.
3. Click Submit.
The new bookmark will now appear in the Personal Bookmarks section of the Bookmarks page.
Simply click the bookmark link to be taken to the web page. The bookmark will also appear in the
Bookmarks pull-down menu.
To delete an existing personal bookmark, click the link labeled (delete) that appears next to it in the SSL
Web Bookmarks section.
V. Configuring Email Programs for use with the SSL Client
The information in this section can be used to walk users step-by-step through setting up several email
programs for use with the SSL Client. Instructions are provided for the following programs:
Outlook 2003
Outlook 2007
Outlook Express
Chapter 1. Setting up Outlook 2003 for use with the SSL Client
To use Microsoft Outlook 2003 with the SSL Client, users will need to set up a new account that will
access their email on the remote server. You should provide users with an account name and password
(if they will be accessing a new account).
Instruct the user to complete the following:
1. Open Outlook. Under the Tools menu, select Accounts.
2. On the interface that is displayed, select the Add button. On the menu that appears, select Mail.
3. On the first screen, enter your name and click Next.
Figure 49: Your Name
4. Enter the email address that will be seen by others as your reply-to address and click Next.
Figure 50: Internet E-mail Address
5. Select the protocol that your company uses for incoming mail. If you are not certain which is
used, ask your administrator.
In the field labeled Incoming mail (POP3 or IMAP), enter localhost.
In the field labeled Outgoing mail (SMTP) server, enter localhost.
Click Next.
Figure 51: E-mail Server Names
6. In the field labeled Account name, enter the login name for your email account.
In the field labeled Password, enter the password for your email account.
Select whether or not you would like Outlook to remember this information.
Leave Log on using Secure Password Authentication unchecked, unless it is required by
your local ISP.
Click Next.
Figure 52: Internet Mail Logon
7. Select the method that you are using to connect to the Internet and click Next.
Figure 53: Internet Connection
8. Click Finish.
Figure 54: Finish
9. You will now see an entry on the Internet Accounts screen for your new account.
Figure 55: New Account
Note: If your network administrator has informed you that your company’s mail server is using a non-
standard port number to listen for email requests, complete the following configuration to your
new email account:
10. Select the account that you just created and click the Properties button. Then select the
Advanced tab.
11. In the section labeled Server Port Numbers, enter the new port number in either the Outgoing
mail field (for SMTP) or the Incoming mail field (for POP3 or IMAP).
12. Click OK.
Figure 56: Changing Port Numbers
Chapter 2. Setting up Outlook 2007 for Use With the SSL Client
To use Microsoft Outlook 2007 with the SSL Client, users will need to set up a new account that will
access their email on the remote server. You should provide users with an account name and password
(if they will be accessing a new account).
Instruct the user to complete the following:
1. Open Outlook 2007. Under the Tools menu, select Account Settings.
2. Under the Email tab on the interface that is displayed, select the New button.
3. On the first screen, make sure Microsoft Exchange, POP3, IMAP, or HTTP is chosen. Click
Next.
Figure 57: Choose Email Service
4. Select Manually configure server settings or additional server types and click Next.
Figure 58: Auto Account Setup
5. Make sure Internet E-mail is selected and click Next.
Figure 59: Choose E-mail Service
6. On the next screen, fill out the fields as follows:
Your Name: Enter your name.
E-mail Address: Enter the email address that will be seen by others as your reply-to
address.
Account Type: Select the protocol that your company uses for incoming mail. If you are not
certain which is used, ask your administrator.
Incoming mail server: Enter localhost.
Outgoing mail server (SMTP): Enter localhost.
User Name: Enter the login name for your email account.
Password: Enter the password for your email account. Select whether or not you would like
Outlook to remember this password.
Require logon using Secure Password Authentication (SPA): Leave unchecked, unless
it is required by your local ISP.
Click Next.
Figure 60: Internet E-mail Settings
7. Click Finish.
Figure 61: Finish
8. You will now see an entry on the Internet Accounts screen for your new account.
Figure 62: New Account
Note: If your network administrator has informed you that your company’s mail server is using a non-
standard port number to listen for email requests, complete the following configuration to your
new email account:
9. Select the account that you just created and click the Change… button. Then select the More
Settings button. On the window that is displayed, select the Advanced tab.
10. In the section labeled Server Port Numbers, enter the new port number in either the Incoming
mail field (for POP3 or IMAP) or the Outgoing mail field (for SMTP).
Figure 63: Internet Email Settings
11. Click OK.
Chapter 3. Setting up Outlook Express for use with the SSL Client
To use Microsoft Outlook Express with the SSL Client, users will need to set up a new account that will
access their email on the remote server. You should provide users with an account name and password
(if they will be accessing a new account).
Instruct the user to complete the following:
1. Open Outlook. Under the Tools menu, select Accounts.
2. On the interface that is displayed, select the Add button. On the menu that appears, select Mail.
3. On the first screen, enter your name and click Next.
Figure 64: Your Name
4. Select the first option. Enter the email address that will be seen by others as your reply-to
address and click Next.
Figure 65: Internet E-mail Address
5. Select the protocol that your company uses for incoming mail. If you are not certain which is
used, ask your administrator.
In the field labeled Incoming mail (POP3, IMAP, or HTTP), enter localhost.
In the field labeled Outgoing mail (SMTP) server, enter localhost.
Click Next.
Figure 66: E-mail Server Names
6. In the field labeled Account name, enter the login name for your email account.
In the field labeled Password, enter the password for your email account.
Select whether or not you would like Outlook to remember this information.
Leave Log on using Secure Password Authentication unchecked, unless it is required by
your local ISP.
Click Next.
Figure 67: Internet Mail Logon
7. Click Finish.
Figure 68: Finish
8. You will now see an entry on the Internet Accounts screen for your new account.
Figure 69: New Account
Note: If your network administrator has informed you that your company’s mail server is using a non-
standard port number to listen for email requests, complete the following configuration to your
new email account:
9. Select the account that you just created and click the Properties button. Then select the
Advanced tab.
10. In the section labeled Server Port Numbers, enter the new port number in either the Outgoing
mail field (for SMTP) or the Incoming mail field (for POP3 or IMAP).
11. Click OK.
Figure 70: Changing Port Numbers
VI. Appendix: Template for Email to New Users
Corente recommends that you send emails to new users that notify them when you have created SSL
Client accounts for them. This email should contain all the necessary information that will allow them to
connect via the SSL Client and use the services on the LAN that you have enabled for them.
An email template is provided below that can be used for new user notification. In addition, you can cut
and paste the instructions from the chapter of this manual titled V. Configuring Email Programs for use with the
SSL Client (p. 76) if you would like to provide users with detailed information on how to configure their
email program(s) to access email via the SSL Client.
Email Template
Greetings! Your network administrator has created an SSL Client account for you. This account can
allow you to browse the contents of servers, access your corporate desktop, connect to intranet websites,
and access your corporate email using a secure SSL connection to the Corente Virtual Services Gateway
located on your office network. All you will need is a web browser with JAVA enabled and a connection to
the Internet.
1. To access the LAN to which you have been granted permission, type the following in the address bar
of your web browser:
https://
2. You may be asked to accept a certificate in order to proceed to the SSL-encrypted SSL Client
interface. Verify the information for this certificate and accept it in order to login.
3. When the login interface appears, enter the following information:
Your Username:
Your Password:
4. If your administrator has enabled access to certain services for you, you may be asked to accept an
applet upon login to the SSL Client. Please accept the applet in order to access the services that have
been enabled for you via the SSL Client.
5. Once you have logged in, click the Services button to learn what services your administrator has
allowed you to use with the SSL Client. Click the Help button to learn how to use these services. The
help file also provides instructions on how to configure your email program to access your email via SSL.
6. If you have any problems, contact your administrator.
Additional Support
For additional support for Corente:
Access the Corente Documentation webpage: Go to http://www.corente.com/documentation to download any of the Corente manuals for the current release.
Contact Corente Customer Operations: Go to http://www.oracle.com/support for information about ways to obtain support for Corente Services in your area.
Oracle Legal Notices
Copyright Notice
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
License Restrictions Warranty/Consequential Damages Disclaimer
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
Warranty Disclaimer
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
Restricted Rights Notice
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
Hazardous Applications Notice
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Third-Party Content, Products, and Services Disclaimer
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
Alpha and Beta Draft Documentation Notice Disclaimer
If this document is in preproduction status: This documentation is in preproduction status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.
www.corente.com