
Installing Certificate Files


This topic describes how to install certificate files on Microsoft Windows and on Unix. For information on using certificate files and SSL authentication, see About Certificates and Key Files Used for SSL Authentication.

This task is a step in Process of Configuring Secure Communications.

About Installing Certificate Files on Windows

You import certificate authority files and certificate files using Microsoft Internet Explorer's Certificate Import Wizard. For information on how to use this wizard, see the Microsoft documentation.

About Installing Certificate Files on UNIX

If you are using a UNIX operating system, refer to the following for information on obtaining certificate authority files and certificate files:

  • SSL encryption for Web client connections to the Web server. Refer to your Web server documentation for information on encrypting data transmission and on certificate requirements.
  • Encryption for SISNAPI connections. Obtain the required certificate files and store them on a local volume; they do not have to be installed.
  • SSL encryption for connection to LDAP or ADSI directories. The LDAP security adapter uses the IBM GSKit to handle the installation of certificates. For information on the IBM GSKit, see Generating a CMS Key Database Using IBM GSKit.
  • Communications encryption between the Siebel Server and the Database Server. Refer to your third-party RDBMS vendor for information on configuring communications encryption and certificate requirements.

Installing Certificate Files on UNIX for Client Authentication

When using the EAI HTTP Transport business service with the SSL protocol, you might have to install certificate files, for example, if you want to enable client authentication. If you are using a UNIX-based operating system, Siebel Business Applications provide the mwcontrol utility, which you use to install the certificate authority and certificate files required for EAI HTTP Transport with SSL on your Siebel Server and SWSE computers. For information on client authentication, see Configuring SSL Mutual Authentication.

The mwcontrol utility invokes a wizard that is similar to Microsoft Internet Explorer's Certificate Import Wizard. The following procedure describes how to use the mwcontrol utility to install certificate files. Execute the mwcontrol utility on each Siebel Server and SWSE computer where you want to install client authentication certificate files.

NOTE:  When you use the mwcontrol utility to install a certificate file, the certificate file must be located on a local volume. You cannot use the mwcontrol utility to install certificate files that are located on a network-attached storage (NAS) device or other remote volume.

To invoke the mwcontrol utility and install certificate files

  1. Depending on the type of UNIX operating system you use, enter the following commands:
    • For Bourne shell or Korn shell:

    . ./siebenv.sh

    • For C shell:

    source siebenv.csh

  2. Set your DISPLAY environment variable to the IP address of the computer that hosts the mwcontrol utility:
    • For Bourne shell or Korn shell:

    export DISPLAY=ip_address:0.0

    • For C shell:

    setenv DISPLAY ip_address:0.0

    If you are using an X-Windows client, 0.0 is the connection identifier.

  3. To invoke the mwcontrol utility, execute the following command:

    mwcontrol $SIEBSRVR_ROOT/mw/lib/inetcpl.cpl

    where:

    $SIEBSRVR_ROOT is the Siebel Server installation directory.

    Alternatively, if you are running this procedure on your SWSE computer, replace $SIEBSRVR_ROOT with the location of the SWSE installation directory.

    The wizard appears.

  4. Select the Content tab, then click the Certificates button.

    The Certificate Manager appears.

  5. Select the tab that corresponds to the type of certificate you want to install.

    For example, to install a certifying authority certificate, select the Trusted Root Certification Authorities tab.

  6. Click Import to display the Certificate Manager Import Wizard, then click Next to navigate to the location where you stored the certificate file you want to install.
  7. Select the certificate, and click Next.
  8. Select the check box, Automatically select the certificate store based on the type of certificate, then click Next.
  9. Click Next, then Finish to complete the installation, and terminate the execution of the mwcontrol utility.

    Note the following points about your application's configuration file before you modify it in Step 10:

    • The configuration files for a client are stored in the client's bin\LANGUAGE directory, where LANGUAGE represents an installed language pack, such as ENU for U.S. English.
    • When synchronization is performed within Siebel Business Applications (from the File menu, select the Synchronize Database option), configuration is read from the configuration file associated with the application (for example, siebel.cfg for Siebel Sales).

      For more information about working with the Siebel Business Applications configuration files, see Siebel System Administration Guide.

  10. Locate the DockConnString parameter in the [Local] section of the file.

    This parameter specifies the name of the Siebel Server used to synchronize with the client. It has the following format:

    siebel_server_name:network_protocol:sync_port_#:service:encryption

    Encryption is the fifth element in the DockConnString parameter. This element indicates the type of encryption used during synchronization.

    An example of a DockConnString parameter value is as follows:

    APPSRV:TCPIP:40400:SMI:RSA

  11. Override the default NONE and set encryption to MSCRYPTO or RSA.

    The encryption you specify must match the encryption used by the Siebel Server. If no value is specified (or the value is NONE), encryption is not enabled. For example, to configure for RSA encryption, use one of the following:

    • APPSRV:TCPIP:40400:DOCK:RSA
    • APPSRV::RSA
  12. Save your changes and exit the file.

    For more information about editing configuration files for Siebel Remote and Mobile Web Clients, see Siebel Remote and Replication Manager Administration Guide and Siebel System Administration Guide.

  13. Restart the Siebel Server or SWSE computer on which you installed the certificate file.
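
A check for steps 10 to 12, added here as an example (it is not Oracle's code): it reads DockConnString from the [Local] section of a configuration file and reports whether synchronization encryption is disabled or differs from the value the Siebel Server uses. The function names and the sample file content are constructed, and treating the last element of a shortened string such as APPSRV::RSA as the encryption element is an assumption based on the second example in step 11.

```python
import configparser

KNOWN = {"NONE", "MSCRYPTO", "RSA"}  # encryption values named on this page

# Constructed sample; a real siebel.cfg has many more sections and keys.
SAMPLE_CFG = """\
; constructed sample for illustration
[Local]
DockConnString = APPSRV:TCPIP:40400:SMI:RSA
"""

def dock_encryption(cfg_text):
    """Return the encryption element of [Local] DockConnString, or "NONE"."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True,
        delimiters=("=",))  # keep the colons inside the value intact
    parser.read_string(cfg_text)
    value = parser.get("Local", "DockConnString", fallback="") or ""
    fields = [f.strip() for f in value.strip().strip('"').split(":")]
    if len(fields) >= 5:
        enc = fields[4]                   # fifth element, per the format above
    elif len(fields) > 1 and fields[-1].upper() in KNOWN:
        enc = fields[-1]                  # assumption: shortened form (APPSRV::RSA)
    else:
        enc = ""                          # encryption element absent
    return enc.upper() or "NONE"          # no value means encryption is not enabled

def audit(cfg_text, server_encryption):
    """Classify the client setting against the Siebel Server's encryption."""
    enc = dock_encryption(cfg_text)
    if enc == "NONE":
        return "disabled"
    if enc not in KNOWN:
        return "unrecognized"
    if enc != server_encryption.upper():
        return "mismatch"                 # must match the Siebel Server
    return "ok"

if __name__ == "__main__":
    print(dock_encryption(SAMPLE_CFG), audit(SAMPLE_CFG, "RSA"))
```

Run it over each client configuration file after editing, passing the encryption type configured on the Siebel Server as the second argument.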

For additional information on certificate files, see About Certificates and Key Files Used for SSL Authentication.

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.