Administration Guide › Tools to Manage CA Directory › DSA Console › Secure the DSA Console with TLSclient

Secure the DSA Console with TLSclient

The TLSclient utility establishes an encrypted tunnel between the remote console client and the DSA. This keeps the session secure. We recommend that you use TLSclient.

To set up TLSclient to work with the DSA Console

1. Stop the DSA.
2. Create the TLSclient configuration file and include the following line in the file:

   inPort outPort remoteAddress
   

   In this line, the variables stand for the following:

   inPort

   The port on the client computer that is used for tunneling.

   outPort

   The remote-console-port on the server.

   remoteAddress

   The host name of the server running the console you want to connect to.

   Here is an example for the sample Democorp DSA running on the server computer:

   19390 19395 hostname.ca.com
   

3. Save the new file on the client computer in this location: DXHOME/config/tlsclient/tlsclient.cfg.
4. Configure a DSA Console Using DXmanager.
5. Install and start the TLS client:
   1. Install TLSclient to the system services using the following command:

      tlsclient install tlsclient-server-name -ca certificate-file
      

   2. Start the TLSclient instance using the following command:

      	tlsclient start tlsclient-server-name
      

6. Start the DSA.
7. Test the connection:
   1. Open a Telnet window on the client computer.
   2. Connect to the inPort (defined in tlsclient.cfg) on the local computer.
   3. In the Democorp sample, this is 19390.
   4. Enter the console password when prompted.

      You now have a fully-functioning SSL-encrypted connection to the console on the server computer.

8. Verify that the connection works correctly:
   1. Start TLSclient with the debug option.
   2. On the DSA set tracing on using the following command:

      trace full;
      

   3. Use a packet-snooping application.