SSL Certificate for Astro

A certificate can either be purchased or you can use  the Astro test certificate.

Preferably purchase a certificate from a trusted authority (e.g. VeriSign or Thawte). Most SSL clients will automatically accept "trusted" certificates, and the host name of the certificate will match the actual host name.
Install the certificate on the server, and specify the path to the certificate in registry key:
Astro Secure BLSA: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AstroSSBLSA\Cert)
Astro Secure Telnet Server: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AstroSSTnSrv\Cert)

For test purpose, Astro provides a 1024-bit x509 certificate. This certificate does not correspond to the host name of your server, and the certificate is not issued by a trusted authority. Therefore, if the Astro test certificate is used, most SSL clients (for example Reflection 11) require that you manually install the certificate as "trusted".

Below is described how to install the Astro certificate on a client, and how to set up Reflection 11 for SSL on the client.

 

Installation of the Astro test Certificate on a client

  1. Click SSL Certificate for Astro.

  2. Select Open this file from its current location.

  3. Click Install Certificate....

  4. Click Next.

  5. Click Next.

  6. Click Finish.

  7. Click Yes.

  8. Click OK.

  9. In the Certificate dialog box, click OK.

 

Check that the certificate was installed properly

  1. Start Internet Explorer.

  2. Click Tools.

  3. Select Internet Options.

  4. Select the tab Content.

  5. Select Certificates.

  6. Select the tab Trusted Root Certification.

  7. Scroll down to find MAsystemCA.

 

Setup in Reflection to run Astro using Telnet and SSL

  1. Open a session in Reflection.

  2. Click Connection.

  3. Select the tab Connection Setup.

  4. In the Connection Setup dialog box, click the radio button Network.

  5. Mark TELNET.

  6. Click the Security button.

  7. In the dialog box for Security Properties, select the tab SSL/TLS.

  8. Tick Use SSL/TLS security.

  9. If using Astro test certificate: Empty the check box for Certificate host name must match host being contacted.

  10. Click OK.

  11. Back in the Connection Setup dialog box, click the More Settings button.

  12. In the dialog box for More Settings - TELNET, change the TCP port number to 992.

  13. Click OK in the open dialog boxes respectively.