GEORGIA SOFTWORKS
Contents
1. Courier This font represents anything you must type lt enter gt This represents the enter key vii GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL This Page Left Intentionally Blank GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Features at a Glance Very Secure Connection Alternative Georgia SoftWorks SuperSSL e Very Strong Encryption e Optionally require client software to present specific certificates e Import your own certificates for the SuperSSL e Configure Certificate Revocation Lists e Flexible port assignment Use a different port than 992 e Optionally instruct SuperSSL not to expect the client to use Telnet e Specify SSL TLS re negotiations for increased security Compatibility Works GREAT with e Georgia SoftWorks UTS Telnet Server e Georgia SoftWorks Pocket 2002 PC Telnet Clients e Compatible with SSL Enabled Telnet Clients ex Kermit 95 Cryptographic Version 2 0 Naurtech etc GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL SuperSSL Quick Start 7 The 5 steps below are a quick reference for securing GSW Telnet Server connections with SuperSSL Run the SuperSSL setup self extracting executable gswssl exe on the computer running the GSW Telnet Server Accept all defaults Register the software to obtain a trial serial number for activation Are you using a SSL Enabled Telnet Client Configure the SSL Install STUNNEL Enabled Client to point to in the2. You can initiate an email to sales support or registration from the general tab as well as visit the Georgia SoftWorks web site You should visit the GSW web site for new versions of SuperSSL that you can download free for the duration of your subscription 21 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Service Tab The Service Tab provides configuration associated with the SuperSSL service The configuration areas associated with the service are e TCP IP Port Number Specifies the Port Number to use for SuperSSL e SSL Renegotiate Enables and configures or Disables SSL renegotiation capability e Identity Specifies the path to the GSW Certificate and private key x General Service Clients Server TCP IP Identity Port 1994 GSW Tunnel Certificate C Program Files Georgia Softw orksiSupersSL Browse Import private key m SSL Renegotiate Do not use SSL renegotiation capability C Renegotiate the SSL session every 00 x 10 thousand bytes sent to the client Cancel Apply Figure 23 Configuration Service Tab 22 GEORGIA SOFTWORKS SUPERSSL TCP IP Port OCTOBER 16 2006 The TCP IP Port number specifies the port on which SuperSSL will listen Typically the default port for SSL is 443 The default port for GSW SuperSSL is port 992 However you may specify any port This is the standard port number for SSL telnet assigned by the Internet Assigned Numbe
3. Revocation List CRL select the option Use this CRL file And browse to and select the file that contains the CRL Click OK 28 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Trusted Certificate Authorities CAs When looking up CA certificates SuperSSL will first search the certificates in CA file then those in CA hash directory Certificate matching is done based on the subject name the key identifier 1f present and the serial number as taken from the certificate to be verified If these data do not match the next certificate will be tried If a first certificate matching the parameters is found the verification process will be performed no other certificates for the same parameters will be searched in case of failure de SuperSSL Configuration General Service Clients Server m Security policy Trusted Certificate Authorities CAs C Do not use a CA file Use this CA file Client certificate is required ese Files Georgia SoftWorks SuperSSL C Client certificate is required and must match one of certificates lr asl ad i sb Browse located in this hash directory C Program Files Georgia SoftWorks SuperSSL Browse Do not use a CA hash directory Use this CA hash directory r Certificate Revocation List CRL C Program FileskGeorgia SoftWorks SuperSSL Browse Do not use CAL C Use this CRL file C Program Files
4. Selecting the option Client certificate is required requires that the Client have a certificate You can also specify that the client certificate is required and 1t must match one or more certificates stored in a hash directory Selecting the corresponding option enables the directory navigation button allowing you to specify the hash directory that contains the certificates that the client certificate must match 27 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Certificate Revocation List Specify the certificate revocation list de SuperSSL Configuration General Service Clients Server m Security policy Trusted Certificate Authorities CAs o BEN TTE PUR C Do not use a CA file Use this CA file C Program Files Georgia SoftWorks SuperSSL Browse Client certificate is required Client certificate is required and must match located in this hash directory Do not use a CA hash directory C Use this CA hash directory r Certificate Revocation List CRL C Program Files Georgia SoftWorks SuperSSL Browse Do not use CAL C Use this CRL file C Program Files Georgia SoftWorks SuperSSL Browse Cancel Apply Figure 29 Configuration Clients Tab Certificate Revocation List The Certificate Revocation List is a list of previously issued certificates that the authority no longer considers valid To configure the Certificate
5. registration screen this information and fax to Georgia SoftWorks 706 265 1020 19 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Once Georgia SoftWorks receives the information we can generate a Serial Number on demand We will reply back via Fax or email You may close the registration program at this time 3 When the Serial Number is provided Run the Registration Program again and enter the Serial Number The easiest method to get the serial number is to highlight the returned Serial Number and copy ctrl c Then position the mouse in the Serial Number field in the Registration Information box and paste ctrl v N Georgia SoftWorks Product Registration Yer 1 19 00 0001 x r Customer information m Product information Name Seth Secure Name osw_sssL Company ACME Secure Data Systems Version 1 30 Street Address1 Lc Product ID Street Address2 3CF 4AF GF 7 40D CABS4E7 7 032ASAF GE547E9D47D17D346 City Dawsonville State GA Zip 30534 Registration information Country USA Please enter your serial number in the window below and click on the Register button Phone 706 265 1018 Fax 706 265 10120 D25EEAFSABOBS4F3089A5EE210BE6B8B3BFE632CEDD8 Purchased From Georgia SoftWorks Expiration date Not set Free updates until Wednesday December 31 2003 Savetofile Print Hw Key Ej Figure 20 Registration Serial Number Applied 4 Click Register ETC x A
6. the software that will be your primary application to use with Telnet SSH2 in the Application software field Examples could be SAP QAD Catalyst System Administration etc N Georgia Soft Works Product Registration Ver 1 19 00 0001 Customer information m Product information Name Seth Secure Name GSW_SSSL Company ACME Secure Data Systems Version 1 30 Street Address1 17 Hwy 9 South Product ID Street Address2 3CF4AF6F 740DCAB84E77032A8AF6E547E9D47D17D346 City Dawsonville State GA Zip 30534 Registration information Country USA Please enter your serial number in the window below and click on the Register button Phone 706 265 1018 Fax 706 265 10120 I Purchased From Georgia SoftvVarks Expiration date Not set Free updates until Wednesday December 31 2003 Parameter D Register Save to file Print Figure 19 Registration User Information 2 The registration information must be provided to Georgia SoftWorks to obtain the Serial Number Several methods are available for your convenience a Save the information to a file and email it to Georgia SoftWorks Preferred method OR b Print the information and Fax it to Georgia SoftWorks Please save using the Save to file button on the registration screen this information to a file and email to Georgia SoftWorks registration georgiasoftworks com OR Please print using the Print button on the
7. CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE SUCH PROGRAMS OPENSOURCE This Product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org COPYING WHILE YOU ARE PERMITTED TO MAKE BACKUP COPIES OF THE SOFTWARE FOR YOUR OWN USE AND PROTECTION YOU ARE NOT PERMITTED TO MAKE COPIES FOR THE USE OF ANYONE ELSE LICENSE YOU ARE LICENSED TO RUN THIS SOFTWARE ON A SINGLE WINDOWS NT XP 2000 2003 SYSTEM THE GEORGIA SOFTWORKS SUPERSSL SOFTWARE MAY BE INSTALLED ON A SINGLE WINDOWS NT XP 2000 2003 SYSTEM This Page Left Intentionally Blank Table of Contents FLOATING LICENSE OVERVIEW svssssiscosevsenseduessecesevocesevacasyoseubcdecouseats eR Ht e dee eet 12 Floating License Hardware Key Installation Instructions eene 13 Uninstall Floating License Hardware Key esee eee nre nennen ener 17 REGISTRATION VIA SOFTWARE SERIAL NUMBER coconooconncononncnnnnnorononccnnonnonananannonononenononnonoranan inneren nne 18 How to Register the Software eese ttti eredi stootte isasara reisse Erro de Pea be eite 18 GENERAL TAB E es i 21 SERVICE TAB a tene 22 TCP IP Port 25 23 SSE REN CS OFA A es 23 SuperSSL LA a 24 Private La AR E NN 25 CLIENTS TAB ie 26 A POLICY x 5 5 NR 27 Certificate REVOCATION Eist ete ee p ee t e e eee et et ete 26 Trusted Certificate Authorities CAs Trusted Certificates Hash D
8. FTWORKS OCTOBER 16 2006 SUPERSSL Server Tab The Server Tab provides configuration associated with the Server The configuration areas associated with the Server are e Connection Parameters The IP Address and the Port Number for the Telnet Server e Server Type Fully Utilize the GSW Telnet Server capabilities when used with SuperSSL AUTH RFC2941 Option Enable Disable option SuperSSL Configuration General Service Cherts Server Connection Address HAN Port 2300 Server Type C Do not use GSW Telnet Server capables Use GSW Telnet Server capabilities Do not negotiste the AUTH option RFC2941 C Negotiate the AUTH option RFC2341 Figure 32 Configuration Server Tab Connection This is where the IP Address of the Server and the Port Number is specified Please note that the default settings point to the local telnet server port 32 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Server Type 27 SuperSSL Configuration General Service Chents Server Connection Address C Donot use GSW Telnet Server capables Use GSW Telnet Server capabdiies Do not negotiste the AUTH option RFC2941 C Negotiate the AUTH option RFC2941 Figure 33 Server Tab Server Type The Server Type has two sets of options for configuration The first is the GSW Telnet Server Capabilities e GSW Telnet Server Capabilities Typically when a telnet server is used with
9. GEORGIA SOFTWORKS SuperSSL for Windows NT XP 2000 2003 User Manual THIS PAG T INT ENTIONALLY Lj EFT BLANK GEORGIA SOFTWORKS SuperSSL Copyright 2002 2006 Georgia SoftWorks All Rights Reserved Public Square 17 Hwy 9 South PO Box 729 Dawsonville Georgia 30534 Telephone 706 265 1018 Fax 706 265 1020 http www georgiasoftworks com Copyright O Georgia SoftWorks 1997 2006 All Rights Reserved User s Manual Version 1 31 Oct 16 2006 Microsoft Windows Windows XP Windows 2000 Windows 2003 Windows NT Windows 98 Windows 95 are trademarks of Microsoft Corporation SAP SAPConsole are trademarks of SAP AG Naurtech Kermit Thawte Verisign Entrust are trademarks of respective companies THIS PROGRAM IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE LICENSOR MAKES NO WARRANTIES OR REPRESENTATIONS EXPRESS OR IMPLIED ORAL OR WRITTEN REGARDING THE PROGRAM OR DOCUMENTATION AND HEREBY EXPRESSLY DISCLAIMS ALL OTHER EXPRESS OR IMPLIED WARRANTIES INCLUDING MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE LICENSOR DOES NOT WARRANT THE PROGRAM WILL MEET YOUR REQUIREMENTS OR THAT ITS OPERATION WILL BE UNITERRUPTED OR ERROR FREE IN NO EVENT WILL GEORGIA SOFTWORKS BE LIABLE TO YOU FOR ANY DAMAGES INCLUDING ANY LOST PROFITS LOST SAVINGS OR OTHER INCIDENTAL OR
10. Georgia SoftWorks SuperSSL Browse Apply Cancel Figure 30 Configuration Clients Tab Trusted Certificate Authorities Trusted Certificate Authorities is the list of certificate issuers that you want SSL to trust The options available are e Not use Trusted Certificate Authority file o Select this option when you do not want to use a Trusted Certificate Authorities file e Use Trusted Certificate Authorities file o If this option is selected then the path to the file should be identified and entered 29 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL If CA file is specified it points to a file of CA certificates in PEM format The file can contain several CA certificates identified by sequences such as BEGIN CERTIFICATE CERTIFICATE CA certificate in base64 encoding END CERTIFICATE CERTIFICATE Before between and after the certificates text is allowed which can be used e g for descriptions of the certificates 30 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Trusted Certificates Hash Directory de SuperSSL Configuration General Service Clients Server m Security policy rusted Certificate Authorities CAs Do not use a CA file Use this CA file je Program Files Georgia SoftWorks SuperSSL Browse C Client certificate is required Client certificate is required and must match one o
11. LADDIN KNOWLEDGE SYSTEMS LTD HASP HL Device Driver LICENSE AGREEMENT IMPORTANT INFORMATION PLEASE READ THIS AGREEMENT CAREFULLY BEFORE DOWNLOADING OR INSTALLING THE SOFTWARE PROGRAM ALL ORDERS FOR AND USE OF THE HASP HL Device Driver including any revisions corrections modifications enhancements updates and or upgrades thereto hereinafter Software SUPPLIED BY ALADDIN KNOWLEDGE AVATEA TTD ne err ef o SFR Scan laithar af them rafarrad ta an accept the license agreement lt Back Cancel Figure 14 Floating License License Agreement 14 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Lo End User License Agreement ALADDIN KNOWLEDGE SYSTEMS LTD HASP HL Device Driver LICENSE AGREEMENT IMPORTANT INFORMATION PLEASE READ THIS AGREEMENT CAREFULLY BEFORE DOWNLOADING OR INSTALLING THE SOFTWARE PROGRAM ALL ORDERS FOR AND USE OF THE HASP HL Device Driver including any revisions corrections modifications enhancements updates and or upgrades thereto hereinafter Software SUPPLIED BY ALADDIN KNOWLEDGE VOTEN TTI ne Aer of ate afAlinatan lathar af thom rafarrad ta an do not accept the license agreement lt Back Install gt Cancel Figure 15 Floating License Accept License Agreement Read the license agreement and select I accept the license agreement and then Click Install 5 An installation status progress meter is quickly displayed and when the status gathered is comp
12. N Registration successful Figure 21 Registration Successful Screen Now the software is registered You may now run the Georgia SoftWorks SuperSSL Note that you will be able to obtain Free Updates until the date specified IMPORTANT READ SYSTEM SIGNATURE CHAPTER AT END OF MANUAL PAGE 35 1 This is during normal business hours Eastern Standard Time Emails registrations are checked periodically on weekends 20 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Configuration Once the GSW SuperSSL is installed and registered it is ready to use However you may want to take advantage of the flexibility or increase security by using the SuperSSL configuration utility You will need to restart the SuperSSL service after any configuration values described in this section are modified General Tab Open the SuperSSL Configuration utility Your screen will be similar to the figure below 22 SuperSSL Configuration General Service Cherks Server www georgiasoftworks com Georgia SoftWorks PO Box 567 17 Hwy 9 South Dawsonville GA 30534 USA Telephone 706 265 1018 Credits Fux 706 265 1020 Saks This product includes software developed by the OpenSSL Project Support aaoo com for use in the OpenSSL Toolkit http www openssl org Figure 22 Configuration General Tab The General Tab provides information such as the SuperSSL version that you have installed as well as contact information for Georgia SoftWorks
13. SSL all the telnet management report and display capabilities do not show the correct incoming client IP Address The IP address of the machine on which SSL is installed is shown as the IP address of the client However if you are using the GSW Telnet Server then SuperSSL is able to pass the correct Client IP address to the Telnet Server In many environments this is not an option and is critical for administrative features such as monitoring shadowing etc If you are using the GSW UTS Telnet Server then you should check the option to Use GSW Telnet Server capabilities Be sure to set the UseSuperSSL parameter in the GSW UTS to 1 to enable this feature on the GSW UTS Telnet Server This is a registry value in the GSW UTS as identified below You will need to Stop and Start the GSW Telnet Server after this change is made HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services GS_Tnet Parameters UseSuperSSL 33 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL If you are not using the GSW Telnet Server then you should leave the default option Do not use GSW Telnet Server capabilities checked The second set of options for the Server Type is the Negotiation of RFC2941 option e Negotiation of the RFC2941 Authentication SuperSSI Configuration General Service Ciente Server Connection Address f 27001 Pot 123 Server Type C Donot use GSW Telnet Server capables Use GSW Telnet Server capabilities Do not nego
14. SuperSSL capability The Georgia SoftWorks floating license is a hardware key that can be ordered for a USB Port or a Parallel port Parallel Port Floating License USB Floating License Figure 10 Floating License Parallel Port Figure 11 Floating License USB Port The Parallel Port Floating License is a Pass Through allowing Not attached to a Server normal function of the port The Parallel Port Floating License connects to a female parallel port on the server and does not impact functionality of the port for other uses It acts pass though allowing normal connections to the other side of the key mci USB LED Lights when Installed Table 1 Floating Licenses Parallel and USB Ports SuperSSL will recognize the presence of the key and activate the software and the proper date for which free version upgrades can be obtained It does not matter which parallel or USB port on the server the Hardware Key is installed as all ports will be scanned for the installation of the key The Floating License currently is installed using the manufacturer Aladdin of the hardware key s setup program It is described below The name of the hardware key is HASP4 and you will see it displayed in the setup screens 12 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Floating License Hardware Key Installation Instructions Note If you are using a USB Floating License on a Windows NT system run the file aksnt4usb exe pr
15. SuperSSL is a service which receives Secure Socket Layer SSL encrypted data usually from client software decrypts it and sends the decrypted data to an arbitrary port on a local or remote machine server Additionally SuperSSL receives data from the mentioned port SSL encrypts it and sends it back to the client SuperSSL is RFC2941 compliant RFC2941 describes the SSL authentication option and provides a generic method for negotiation authentication type and mode for the telnet protocol SuperSSL works great with the GSW UTS Telnet Server but it is not limited to the GSW UTS Server SuperSSL will work with third party telnet servers yet is not limited to telnet SuperSSL provides a secure transparent channel to which SSL enabled clients may connect The convenience of having a transparent channel allows nearly any protocol that can run over TCP to run over SuperSSL This extends SSL security to server software that is not natively SSL enabled to communicate with a SSL enabled client Examples of server software includes but is not limited to POP3 HTTP and IMAP The SuperSSL is designed for use with the GSW UTS Telnet Server You will be pleased with the innovative yet seamless integration between the GSW SuperSSL and the GSW Telnet Server Together they facilitate secure telnet connectivity SSL is a secure and sophisticated protocol that requires prerequisite skills and knowledge by the administrator for proper configuration This docu
16. TWORKS OCTOBER 16 2006 SUPERSSL Clients Tab The Client Tab provides configuration associated with the Clients that connect to the server The configuration areas associated with the clients are e Security Policy Client Certificate Requirements and folder locations e Certificate Revocation List CRL Enable Disable and file location of CRL e Trusted Certificate Authorities CAs Enable Disable and file Location CA Hash Directory Enable Disable and folder locations de SuperSSL Configuration x General Service Clients Server m Security policy Trusted Certificate Authorities CAs C Do not use a CA file Use this CA file C Client certificate is required ese Files Georgia SoftWorks SuperSSL C Client certificate is required and must match one of certificates essen ad subo pad Browse located in this hash directory C Program Files Georgia Soft orks SuperSSL Browse Do not use a CA hash directory r Certificate Revocation List CAL C Use this CA hash directory C Program FileskGeorgia SoftWorks SuperSSL B TOWSE Do not use CAL Use this CRL file C Program Files Georgia Softw orksiSuperSSL Browse Figure 27 Configuration Clients Tab 26 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Security Policy By default the client certificate is not required This is how SSL security works with browsers by default You connect to si
17. client mode the Server s Port 992 on the Client Computer SC Connect Log On Oo o Your Connection is now SSL TLS Enabled Ey For Additional Capabilities use the SuperSSL Configuration Tool to Require client software to present specific certificates Change SuperSSL port to a different port that 992 Instruct SuperSSL not to expect the client to use Telnet Specify SSL TLS Re Negotiations for increased security and more Import your own certificates for the SuperSSL Note 1 If you set the GSW Telnet Server capabilities option you have to set HKEY_LOCAL_MACHINE SYSTEM CUrrentControlSet Services GS_Tnet Parameters UseSuperSSL to 1 and reboot the computer Note 2 You must be using GSW Telnet Server version 6 27 or later Note 3 All of the certificates and private key files must be in the standard BASE64 format h www georgiasoftworks com peores es com Tel 706 265 1018 Fax 706 265 1020 Figure 1 GSW SuperSSL Quickstart GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Overview The GSW SuperSSL is a SSL TLS Tunneling Proxy and provides the capability to secure TCP socket connections by utilizing SSL TLS cryptographic protocols Thank you for purchasing the Georgia SoftWorks SuperSSL for Windows NT XP 2000 2003 Have confidence knowing that your connection is secure using one of the best cryptographic protocols available in addition to potentially the strongest authentication mechanisms recognized GSW
18. cts to a USB or parallel port on the server See page 12 for details on registration via the Floating License 2 Registration via Software Serial Number This method exists for environments that do not support USB or parallel ports In brief this entails providing GSW with a machine specific Product ID A Serial Number is generated based on the Product ID This is usually performed via email fax or telephone 11 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Floating License Overview The Georgia SoftWorks Floating License provides the flexibility to rapidly move the GSW SuperSSL from one machine to another f you are unable to use the Floating License skip this section and go to the section on Registration via Software Serial Number on page 18 With the Floating License NO software registration is required for the SuperSSL to operate Common scenarios where the Floating License is useful include e Laboratory usage in a development or test environment where the SuperSSL is required for short periods of time on any particular machine and then moved to a new machine e Backup Servers in a production environment Typically multiple SuperSSLs are purchased for backup systems however with a Floating License the Hardware Key can be quickly moved from the primary machine to the backup without any other registration requirements e Environments where a failed server must be replaced or rebuilt and immediately restored to operation with full
19. e software at your convenience obtaining all new features and defect resolutions NOTE New versions can be downloaded from our web site at your convenience The GSW Subscription plan is an excellent value Even if you upgrade the software once every few years you will save with the subscription Version Upgrade Pricing with Subscription Plan Time from date of purchase Price For the Duration of Plan 1 2 and 3 year plans are available Free Table 2 Version Upgrade Pricing with GSW Subscription Plan The pricing for version upgrades without the Subscription is based on the time from the date of the original purchase or last version upgrade Version Upgrade Pricing without Subscription Plan Time from date of purchase Price Less than 60 days Free Greater than 60 days but less than 1 year 50 of the current list Greater than year 90 of the current list Table 3 Version Upgrade Pricing Without Subscription Plan 35 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL HOW TO UPDATE THE SOFTWARE 1 Download the software or use the supplied CD 2 Make sure the SuperSSL is not in use 3 Run the new Setup Program for the Update as done in the original installation 4 You may specify the same or different installation folder HOW TO RENEW THE GSW Subscription Please use the following procedure when renewing the GSW SuperSSL Subscription Step Who Action 1 GSW Send notice to customer
20. f certificates located in this hash directory C Program Files Georgia Soft Works SuperSSL Browse Do not use a C4 hash directory r Certificate Revocation List CRAL Use this CA hash directory C Program Files Georgia SoftWorks SuperSSL Browse Do not use CAL C Use this CRL file C Program Files Georgia SoftWorks SuperSSL Browse Cancel Apply Figure 31 Configuration Clients Tab Trusted Certificate Authorities Hash directory You may specify the hash directory for your trusted certificate authorities The options available are e Do not use Trusted Certificate Authorities hash directory o Select this option when you do not want to use a Trusted Certificate Authority hash directory e Use Trusted Certificate Authorities hash directory o If this option is selected then the path to the hash directory should be identified and entered If CA hash directory is specified it points to a directory containing CA certificates in PEM format The files each contain one CA certificate The files are looked up by the CA subject name hash value which must thus be available If several CA certificates exist with the same name hash value the extension must be different e g 9d66eef0 0 9d66eef0 1 etc The search is performed in the order of the extension number regardless of other properties of the certificates Use the OpenSSL utilities to generate the hash values 31 GEORGIA SO
21. giving indicating that the subscription is about to expire The notice is sent approximately 4 to 8 weeks prior to the expiration of the plan Customer Install new Floating License and software if desired Customer Ships OLD Floating License back to GSW Table 4 Steps to Renew the GSW Subscription Plan 2 Customer Places order for new subscription 3 GSW Confirms Order 4 GSW Ships current software documentation and new Floating License 5 6 36 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL System Signature IMPORTANT PLEASE READ NOTE This section only applies to Software Registration The registration software obtains a system signature that is unique to your system This signature is an added security measure to inhibit unauthorized personnel to obtain working copies of the GSW SuperSSL The signature is comprised of hardware and software identifiers that exist on your system that make the target system unique These identities are hashed into a Product ID and a Serial Number can be generated from this Product id If major hardware components of your system are removed replaced or modified your Serial Number may discontinue to work and you may need a new Serial Number to obtain access to the SuperSSL Please contact Georgia SoftWorks Technical Support if needed 37 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Technical Support In order to keep Technical Support Free please he
22. ial Number can be generated NOTE Read System Signature chapter at the end of manual How to Register the Software To run the registration software e Select the Start button on the task bar select Programs then Georgia SoftWorks SuperSSL and then Registration Note The Product Information Name and Version must contain valid data or it will not generate a correct Product ID The registration screen is displayed The Registration software automatically fills in the Product Information fields as show in the figure below Complete the Customer Information fields as shown in the figure below N Georgia SoftWorks Product Registration Yer 1 19 00 0001 x Customer information Product information Name Name GSW_SSSL Company Version 1 30 Street Address1 Product ID AS 3CFARFEFTADDCABBAETTO32ABAFBESATESDATD17D34B City State ip Registration information Country Please enter your serial number in the window below and click on the Register button Phone Fax Purchased From Expiration date Not set Free updates until Wednesday December 31 2003 Parameter o Register Save tofile Print Hw Key Figure 18 Registration with Serial Number Initial Screen 18 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL 1 Please complete the Customer Information the Purchased From and the Sessions Requested fields in the Registration Screen Enter the name of
23. ior to the following steps 1 Install the GSW SuperSSL software as described on page 5 if it is not already installed 2 Copy the files from the Floating License folder hardkey on the provided CD to the hard drive on your server 3 Runthe hinstall exe program and follow the installation instructions You will first see the Aladdin Splash Screen The Aladdin Splash Screen will display for about 5 seconds HASP REINVENTING SOFTWARE PROTECTION amp LICENSING Device Driver Aladdin Aladdin Knowledge Systems Ltd 1985 2005 AN Rights Reserved eAladdin g 3 Figure 12 Floating License HW Key Initial Splash Screen 4 The next screen displayed is the Aladdin Welcome Screen 13 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL f HASP HL Device Driver Installation Welcome This installation program will install the HASP HL Device Driver for Microsoft Windows 98 ME and Windows 2000 lt P 2003 on your system HASP HL Driver Version 5 12 In order to update the device drivers all open processes accessing the driver have to be closed If you have any running Al d di A applications using HASP please close them now Otherwise a In the installation program will try to terminate these processes ees ss Figure 13 Floating License Welcome Screen As the dialog indicates if you have any running application please close them now Click Next cd End User License Agreement A
24. irectory eese esee eee etre een rennen teneret nennen teens 31 NN NN 32 AAA NR NC 32 Server TyDe cie aia 33 GSW SUPERSSL SUBSCRIPTION ssssssssssssssssessessssesscssssessessssessessssessessssessessssessessssessessssessessssesee DD HOW TO UPDATE THE SOFTWARE 36 HOW TO RENEW THE GSW SUBSCRIPTION ooccccccccccccnncncnonononononononononononononononononononononononononononeneneninenes 36 SYSTEM SIGNATURE IMPORTANT PLEASE READ eere eren enen einen en ene enenseseeeeneenes OD Table of Figures Fiure e GSW S e 3 Figure 2 Self extracting installation file gswssl exe Figure 3 Initial Setup Screen Figure 4 Installation Welcome Screen Figure 5 Installation Choose Destination Folder Figure 6 Installation Select Program Folder Figure 7 Installation Progress Screen Figure 8 Installation Progress Screen 2 Figure 9 Installation Setup Complete Figure 10 Floating License Parallel Port Figure 11 Floating License USB Port Figure 12 Floating License HW Key Initial Splash Screen Figure 13 Floating License Welcome Screen Figure 14 Floating License License Agreement Figure 15 Floating License Accept License Agreement Figure 16 Floating License HW Key Installation Status Figure 17 Floating License Drivers Successful Installation Figure 18 Registration with Serial Number Initial Scree Figure 19 Regi
25. leted the screen below is displayed Installing drivers 2a Please wait Figure 16 Floating License HW Key Installation Status 15 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL EA HASP HL Device Driver Aladdin SPCURI em MI ALORA MALLA Figure 17 Floating License Drivers Successful Installation 6 When the installation of the Aladdin Hasp Device driver is complete the screen below is displayed Click Finish 7 Plug the hardware key onto the parallel or USB port on the server NOTE On some systems you may have to reboot the server after installation If the Floating License is not recognized by the GSW SuperSSL after installing the driver please reboot the server 16 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Uninstall Floating License Hardware Key In the event that you need to uninstall the Floating License Aladdin HaspHL please use the Windows Control Panel Add Remove Programs administrative utilities NOTE Removing or uninstalling the Floating License will disable the GSW SuperSSL Software 17 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Registration via Software Serial Number To run the GSW SuperSSL you must first register the software This registration is NOT required if you installed the Floating License Page 11 Registration via Software Serial Number entails just a few steps that involve obtaining the Product ID and providing this Identification to Georgia SoftWorks so a Ser
26. lp keep our cost down e Gather all relevant system information e Write your question down This not only helps us but also helps you in articulating the question If the question is not an emergency please use e mail at support georgiasoftworks com We try to respond within 24 hours Or Call 706 265 1018 EST M F 9 00 a m to 5 00 p m and have your Product ID ready 38
27. ment does not attempt to explain the details of the SSL protocol but rather how to install and configure GSW SuperSSL by the knowledgeable administrator GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Installation Installation of the GSW SuperSSL software is simple and quick From Windows NT XP 2000 2003 perform the following 1 Runthe gswss1 exe self extracting program Extracting Files The contents of this package are being extracted Please wait while the InstallShield Wizard extracts the files needed to install SuperSSL on your computer This may take a few moments Extracting IMST32LEX p M Y Installshield Cancel Figure 2 Self extracting installation file gswssl exe 2 Immediately following the self extraction you will observe the launch of the setup program AAA 9 SuperSSL Setup is preparing the InstallShield Wizard which will quide vou through the rest of the setup process Ed Please wait 39 96 Figure 3 Initial Setup Screen GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL 3 The Welcome screen of the setup program is displayed and you are reminded and urged to exit all Windows programs before continuing You are also reminded that you must have administrative privileges to install this program Click Next Welcome x Welcome to the SuperSSL Setup program This program will install SuperSSL on your computer It is strongly recommended that yo
28. r Authority IANA fz SuperSSL Configuration E General Service Clients Server TCP IP xi SSL Renegotiate Do not use SSL renegotiation capability C Renegotiate the SSL session every 00 x 10 thousand bytes sent to the client Identity GSW Tunnel Certificate EsPragram Files Georgia Softw orksiSupersSL Browse Import private key Figure 24 Confiffuration Port and Renegotiation SSL Renegotiate Cancel Apply The SSL Renegotiate configuration specifies if the server is allowed to re negotiate the set of session security parameters The renegotiation can be configured to re negotiate periodically based on the number of bytes sent to the client 2 Of course you should take care not to create a conflict on the port 23 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL The SSL Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data or periodically during the session SuperSSL Identity Server Authentication is performed using the GSW Certificate and the corresponding private key GSW SuperSSL comes with a default demo certificate to allow you to get up and running fast however you should obtain an official certificate examples Thawte Verisign and Entrust so your client software can authenticate
29. stration User Information Figure 20 Registration Serial Number Applied Figure 21 Registration Successful Screen Figure 22 Configuration General Tab Figure 23 Configuration Service Tab Figure 24 Configuration Port and Renegotiation Figure 25 Configuration GSW Identity Figure 26 GSW Certificate Import Private Key Figure 27 Configuration Clients Tab Figure 28 Configuration Clients Tab Security Policy Figure 29 Configuration Clients Tab Certificate Revocation List Figure 30 Configuration Clients Tab Trusted Certificate Authorities Figure 31 Configuration Clients Tab Trusted Certificate Authorities Hash directory Figure 32 Configuration Server Tab seed e ER Ner tH ere Hee Figure 33 Server Tab Server Type Figure 34 Configuration RFC2941 Negotiation Table of Tables Table 1 Floating Licenses Parallel and USB Ports Table 2 Version Upgrade Pricing with GSW Subscription Plan Table 3 Version Upgrade Pricing Without Subscription Plan Table 4 Steps to Renew the GSW Subscription Plan vi GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Typographic Conventions Italics are used to emphasize certain words especially new terms or phrases when they are introduced Initial Caps Bold Words that appear in initial caps boldface represent menu options buttons icons or any object that you may click
30. tes but you are not required to have your own certificate Client certificates allow the creation of usage scenarios where the server can identify accepts or rejects a client connection based on the identity embedded in the client certificate Having or not having a client certificate does not change the cryptographic security of the protocol de SuperSSL Configuration General Service Clients Server r Security policy Trusted Certificate Authorities CAs C Do not use a CA file Use this CA file esr FilestGeorgia SoftWorks SuperSSL C Client certificate is required and must match one of certificates i oit sien ar ap Browse located in this hash directory C Client certificate is required C Program Files Georgia Soft Works SuperSSL Browse Do not use a CA hash directory C Use this CA hash directory r Certificate Revocation List CRL C Program Files Georgia SoftWorks SuperSSL Browse Donot use CRL C Use this CRL file C Program Files Georgia SoftWorks SuperSSL Browse Cancel Apply Figure 28 Configuration Clients Tab Security Policy Additional security may be added by requiring identification of the client by the server The options available allow the administrator to specify that the client must have a certificate OR the client must have a certificate and it must match one of the certificates know to the server
31. the server without having to install additional certificates on the client If you have the expertise you may also generate your own certificate Windows Servers come with tools for this purpose The demo GSW Certificate is automatically installed in a default location C Program Files Georgia SoftWorks SuperSSL superssl pem You can specify the location of your Server Certificate by clicking the Browse button de SuperSSL Configuration General Service Clients Server TCP IP dentity Port 1992 GSW Tunnel Certificate je Program Files Georgia SoftWorks SuperSSL Browse Import private key SSL Renegotiate Do not use SSL renegotiation capability Renegotiate the SSL session every fi 00 x 10 thousand bytes sent to the client Apply Cancel Figure 25 Configuration GSW Identity 24 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Private Key Additionally the private key associated with the server certificate must be imported Click on the Import Private Key button and you will get prompted for the location of the private key file and the password associated with it The location of the private key file is specified by clicking on the browse button A a Import this private key file Oo o Broma Password Figure 26 GSW Certificate Import Private Key The Password associated with the private key file is entered next 25 GEORGIA SOF
32. tiste the AUTH option RFC2941 C Negotiate the AUTH option RFC2341 Figure 34 Configuration RFC2941 Negotiation If you are not using telnet either GSW Telnet or a Third Party then this option must be set to Do not negotiate the AUTH option This is the default setting Some SSL telnet clients require this option to be on example Kermit V2 0 and later and other telnet clients require this option to be off example Naurtech CETERM VT220 V5 1 The setting of the Negotiation option is based on the client requirements 34 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL GSW SuperSSL Subscription The GSW Subscription plan provides access to the most current versions of the software as well as priority support In general Georgia SoftWorks releases a new version as soon as new features are ready rather than waiting for scheduled quarterly or annual releases Due to our development and release generation methods and JIT User Manual production we can release software on a much more frequent basis than other organizations As soon as the features or defect resolutions are Alpha and Beta tested we can generate a release This provides our customers with features much quicker than the grouping method used by other companies The GSW SuperSSL subscription provides access to free version upgrades for the duration of the subscription The duration is either 1 2 or 3 years This is good as you can obtain new versions of th
33. u exit all Windows programs before running this Setup program Click Cancel to quit Setup and then close any programs you have running Click Next to continue with the Setup program WARNING This program is protected by copyright law and international treaties Unauthorized reproduction or distribution of this program or any portion of it may result in severe civil and criminal penalties and will be prosecuted to the maximum extent possible under law Figure 4 Installation Welcome Screen GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL 4 A screen is displayed indicating the folder that the GSW SuperSSL will be installed The default is C Program Files Georgia SoftWorksNGeorgia SoftWorks SuperSSL Click Next Choose Destination Location Figure 5 Installation Choose Destination Folder GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL 5 Select the Program Folder for the SuperSSL Click Next Select Program Folder i x Setup will add program icons to the Program Folder listed below You may type a new folder name or select one from the existing Folders list Click Next to continue Program Folders SuperSSL Existing Folders Pinnacle Express Presto PageManager for EPSON QuickBooks Pro QuickTime for Windows Real RoboHELP Office Seagate Crystal Reports Tools Startu lt Back Cancel Figure 6 Installation Select Program Folder A few installation progress screens
34. will be momentarily displayed GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Georgia SoftWorks SuperSSL Figure 7 Installation Progress Screen onfiguration parameters fully created registry values for configuration parameters ully read registry values of configuration parameters ully imported demo private key file lt C Program Files Georgia SoftWorks gt L superssl key gt SuperSSL installed Figure 8 Installation Progress Screen 2 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Setup Complete Figure 9 Installation Setup Complete 6 Now the Setup is complete Now its time to register SuperSSL Please view the readme txt file as it may contain late breaking information about SuperSSL that has not yet made it into the user guide Release notes are also contained in the readme txt file 10 GEORGIA SOFTWORKS OCTOBER 16 2006 SUPERSSL Registration The GSW SuperSSL is licensed for a single server The license must be activated for the software to operate To activate the license a valid Serial Number is required and is examined periodically by the SuperSSL software The Serial Number also allows new versions to be downloaded and installed for the duration of your subscription plan Two methods exist to obtain a valid Serial Number 1 Registration via Floating License default method The Serial Number is pre programmed into a specific hardware key that came with your purchase The hardware key conne
Download Pdf Manuals
Related Search