Siebel Security Guide > Security Features of Siebel Web Server Extension >

Configuring a Siebel Web Client to Use HTTPS

You can configure Siebel Business Applications to specify whether or not URLs must use SSL or TLS over HTTP (HTTPS protocol) to access views in a Siebel application. You can specify that HTTPS must be used to access specific views, to access all views, or is not required to access views.

If you use the HTTPS protocol, then be aware of the following issues:

• You can switch between secure and nonsecure views in Siebel customer applications, but not in employee applications (such as Siebel Call Center). For employee applications, if any views are to be secure, then all views must be secure.
• Your Web server must be configured to support HTTPS.

  You must install a certificate file on the Web server with which you want to secure communication. For more information, see About Certificates and Key Files Used for SSL or TLS Authentication.

Two factors determine whether or not the Siebel Web Engine verifies that requests for a view use the HTTPS protocol:

• The value (True or False) of the view's Secure attribute

  You can set the Secure property of a specific view to indicate whether or not the HTTPS protocol must be used to access the view. The ability to selectively secure individual views applies to standard-interactivity applications. For information about specifying the Secure attribute for an individual view, see Configuring Siebel Business Applications.

• The value (True or False) of the SecureBrowse component parameter

  You can specify a value for the SecureBrowse parameter to indicate whether or not the HTTPS protocol must be used to access all the views in an application.

The following procedure describes how to configure your application to use HTTPS or HTTP for all views in an application.

To configure your application to use HTTPS or HTTP for all views

• Using Siebel Server Manager, specify one of the following values for the SecureBrowse component parameter:
  • SecureBrowse is set to TRUE. If SecureBrowse is set to TRUE, then HTTPS is required for all views in the application, regardless of how the Secure attribute is set for individual views.
  • SecureBrowse is set to FALSE. If SecureBrowse is set to FALSE, then HTTP is required for all views in the application, except for views for which the Secure attribute is set to TRUE. Secure views require HTTPS.

    NOTE:  In previous releases of Siebel Business Applications, values for the SecureLogin and SecureBrowse parameters for Siebel Web Clients were specified in the Siebel application configuration file. Since Siebel version 8.0, SecureLogin and SecureBrowse are Application Object Manager (AOM) parameters which are set using Siebel Server Manager. For information on setting parameters using Siebel Server Manager, see Siebel System Administration Guide.

You can also specify that user credentials entered at login must be transmitted from the Web client to the Web server using the HTTPS protocol by setting values for the SecureLogin parameter. For information on this parameter, see Implementing Secure Login.