Skip to main content

Configuring InterSystems IRIS Telnet to Use TLS

InterSystems IRIS® data platform offers several options for using TLS-protected Telnet connections.

Configure the InterSystems IRIS Telnet Server to use TLS

You can configure InterSystems IRIS to accept TLS-protected connections from Telnet clients. To do this, configure the InterSystems IRIS Telnet server to use TLS:

  1. From the Management Portal home page, go to the SSL/TLS Configurations page (System Administration > Security > SSL/TLS Configurations).

  2. On the SSL/TLS Configurations page, select Create New Configuration, which displays the New SSL/TLS Configuration page. On this page, create a TLS Server configuration with a configuration name of %TELNET/SSL.

  3. Enable the Telnet service, %Service_Telnet:

    1. On the Services page (System Administration > Security > Services), click %Service_Telnet to display the Edit Service page for the Telnet service.

    2. On the Edit Service page, check Service Enabled if it is not already checked.

    3. Click Save.

  4. On the System-wide Security Parameters page (System Administration > Security > System Security), select Enabled for both the Superserver SSL/TLS support and the Telnet server SSL/TLS support settings.

Configuring Telnet Clients to Use TLS

InterSystems IRIS accepts TLS connections from both the InterSystems Telnet client and third-party Telnet clients.

Configure the InterSystems Telnet Client to Use TLS

You can configure the InterSystems Telnet client to use a TLS connection. The process involves several steps:

  1. On the instance that is the Telnet server, configure it according to the instructions in the previous section, which includes the option of requiring TLS.

  2. On the instance that is the Telnet client, configure the settings file according to the instructions in “Connecting from a Windows Client Using a Settings File.”

Configure Third-Party Telnet Clients to Use TLS

You can configure third-party Telnet clients to connect to an InterSystems Telnet server. The required or recommended configuration actions depend on the software in use and the selected cipher suites. The following guidelines apply:

  • If the Telnet client requires server authentication, then the server must provide a certificate and the client must have access to the server’s certificate chain.

  • If the InterSystems IRIS Telnet server requires client authentication, then the client must provide a certificate and the server must have access to the client’s certificate chain.

  • If the InterSystems IRIS Telnet server requests client authentication, then the client has the option of providing a certificate and a certificate chain to its certificate authority (CA). If the client does not provide a certificate, then authentication succeeds; if it provides a non-valid certificate or certificate chain, then authentication fails.

For information on how certificate and certificate chains are used for authentication, see Establishing the Required Certificate Chain.

FeedbackOpens in a new tab