Implementation of Robot Secure GUIs

 

Before You Begin:

• The Secure Connection GUI functionality has been added to the following products: Robot Schedule, Robot Schedule Enterprise, Robot Console, Robot Network, and Robot Space.
• The Secure Connection GUI functionality only imports existing certificates from the IBM i for use in the Robot software. Beyond this importing function there are no certificate management features. For further information on certificates, see IBM Support, or your Certificate Authority (CA) provider of choice, or speak to your system administrator.
• Self-signed certificates and 3^rd party Certificate Authority (CA) certificates, both system specific and domain level, will work with the Robot software.
• All seven IBM i ports are expected to be secured with the same certificate. For a list of the seven ports on the IBM i that are required to be secured, see the IBM i Secured Ports section below.
• Required Versions:
  • If you are using secure connection for Robot Schedule in standalone mode, you must be at version 13 AND if you have Robot Schedule Enterprise, that must be at version 2. Also, if you have Robot Console, that must be at version 7.
  • If you are using secure connection for Robot Schedule in host mode, Robert Network Host must be at version 12, Robot Schedule at version 13, and if you have Robot Schedule Enterprise, you must be at version 2.
  • If you are using secure connection for Robot Network, all systems (Robot Network Host and Nodes) that have Robot Console or Robot Schedule installed must be at the following minimum versions: Robot Network Host 12, Robot Network Node 12, Robot Schedule 13, and Robot Console 7.

Where Certificates are Stored When Imported

Robot Console:

On the PC - C:\Program Files (x86)\Help Systems

Robot Network

On the IBM i - /Help Systems

Robot Schedule

On the PC - C:\Program Files (x86)\Help Systems

Robot Schedule Enterprise

On the IBM i - /Help Systems

Robot Space

On the PC - C:\Program Files (x86)\Help Systems

IBM i Secured Ports

Changing the Certificate Passphrase

Users of Secure Robot products may wish to change the default passphrase for the certificate store jssecacerts. Once you have changed the password you will need to update the jssepassphrase file on the system where the certificate store password was changed. You can specify the new passphrase you wish to use and the encrypted passphrase will be saved in a file called jssepassphrase in the /Help Systems directory on the IBM i and in the C:\Program Files (x86)\Help Systems folder on the PC.

Schedule Enterprise -

On the PC

1. Open a command prompt using the Run as administrator option. NOTE: The command must be run with an administrator level profile.
2. Change directory to either the Robot Schedule or Robot Console folder. Example: cd C:\Program Files (x86)\Help Systems\Robot SCHEDULE 13.
3. Enter the command: updatePassPhrase save new passphrase NOTE: Depending on the new passphrase entered, it may need to be surrounded by double quotes (pass phrase).

   

4. Press Enter. The passphrase will be changed and the jssepassphrase file will be created.

On the IBM i:

NOTE: The new passphrase is case sensitive and does not need to be surrounded by quotes.

1. Display a command line.

   

2. Enter Command RBEUPDJSSE and prompt with F4.

   

3. Enter the new passphrase and press Enter.

Adding a Secure GUI connection in the Robot Products

Robot Console, Robot Schedule, and Robot Space

To enable secure connection for Robot Console, Robot Schedule, or Robot Space, you need to setup the secure connection through the product Explorer (GUI). See the instructions below:

1. Navigate to System Connection Properties.
2. (For Edit of existing connection) Select your system in the Connection Properties list and click the Edit button. (For adding a new connection) Click the Add button.
3. Fill out the Connection Properties as needed. Check the 'Secure via IBM i Certificate' box.

   

4. Click Verify to ensure a successful connection.

5. Click OK. In the Connection Properties list, the value in the Secure column will change to Yes and the Certificate Expiration Date will be displayed.

   

Robot Network

To enable secure connection for Robot Network, you need to set the USESECURE parameter to *YES with the commands RBNCFGHOST and RBNCFGNODE. Then, you must enable the secure connection in the Robot Network GUI. See the instructions below:

On the Host system

1. Enter the command 'RBTNETLIB/RBNCFGHOST' and prompt with F4.

   

2. Change the 'Use Secure Connection' parameter to *YES. Press Enter.

On the Nodes 

1. Enter the command 'RBTNETNODE/RBNCFGNODE' and prompt withF4.

   

2. Change the 'Use Secure Connection' parameter to *YES. Press Enter.

In the Robot Network Explorer (GUI)

1. Navigate to System Connection Properties.
2. (For Edit of existing connection) Select your Host system in the Connection Properties list and click the Edit button. (For adding a new connection) Click the Add button.
3. Fill out the Connection Properties as needed. Check the 'Secure via IBMi Certificate' box.

   

4. Click OK. In the Connection Properties list, the value in the Secure column will change to Yes and the Certificate Expiration Date will be displayed.

Robot Schedule Enterprise

To enable secure connection for Robot Schedule Enterprise, you need to set the USESECURE parameter to *YES with the command RBECONFIG. Follow the instructions below to set the parameter:

1. On the system where Enterprise Server is installed, add the library 'RBTENTLIB'.

   

2. Enter the command 'RBECONFIG' and press F4 to prompt.

   

3. Change the 'Use Secure Connections' parameter to *YES. Press Enter.

   

For further information:

See the Connection Properties section of the Robot Console User Guide.

See the Connection Properties section of the Robot Schedule User Guide.

See the Connection Properties section of the Robot Space User Guide.

See the Defining Host Connections section of the Robot Network User Guide.