
Configuring SSL Encryption for SWSE


This topic describes how to configure your SWSE to use Secure Sockets Layer (SSL) encryption and, optionally, authentication for SISNAPI communications with Siebel Servers using the Siebel Configuration Wizard. Configuring SSL communications between Siebel Servers and the Web server also requires that you configure a Siebel Enterprise or Siebel Server to use SSL, as described in Configuring SSL Encryption for the Siebel Enterprise or a Siebel Server.

This task is a step in Process of Configuring Secure Communications.

The information in this topic describes how to implement SSL for communications between the SWSE and Siebel Servers. For information on implementing SSL for communications between a Siebel Web client and the SWSE, see Configuring a Siebel Web Client to Use SSL.

About Configuring SSL Encryption for SWSE

When you configure your SWSE to use SSL, parameters are added to the eapps.cfg file in a new section called [connmgmt]. The [connmgmt] section looks similar to the following:

[connmgmt]
CACertFileName = c:\security\cacertfile.pem
CertFileName = c:\security\certfile.pem
KeyFileName = c:\sba80\admin\keyfile.txt
KeyFilePassword = ^s*)Jh!#7
PeerAuth = TRUE
PeerCertValidation = FALSE

Names for the eapps.cfg file parameters mentioned in this procedure correspond to the Siebel Gateway Name Server parameters for the Siebel Server. For descriptions of the SSL-related parameters listed in the previous example, see Parameters in the eapps.cfg File.

After configuring SSL encryption for the SWSE, for any AOM that will connect to the SWSE using SSL, you must modify the ConnectString parameter to specify SSL as the communications type (TCP/IP is used by default), and none as the encryption type. For example, for Siebel Sales using U.S. English, modify the parameter in the [/sales_enu] section of eapps.cfg to resemble the following:

siebel.ssl.None.None://gtwyname/siebel/SSEObjMgr_enu
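
The following check is an added example, not part of the Siebel documentation or of Oracle's tooling: it reads the text of an eapps.cfg file and reports where the [connmgmt] peer settings are not TRUE and where a ConnectString does not specify ssl as the communications type with None as the encryption type. The sample file contents, the [/callcenter_enu] entry and the function name audit_eapps are assumptions constructed for illustration.

```python
import configparser
import re

# Constructed sample, modelled on the [connmgmt] and [/sales_enu] examples above.
SAMPLE_EAPPS_CFG = r"""
[connmgmt]
CACertFileName = c:\security\cacertfile.pem
CertFileName = c:\security\certfile.pem
KeyFileName = c:\sba80\admin\keyfile.txt
KeyFilePassword = ^s*)Jh!#7
PeerAuth = TRUE
PeerCertValidation = FALSE
[/sales_enu]
ConnectString = siebel.ssl.None.None://gtwyname/siebel/SSEObjMgr_enu
[/callcenter_enu]
ConnectString = siebel.TCPIP.None.None://gtwyname/siebel/SCCObjMgr_enu
"""

# siebel.<communications type>.<encryption type>.<third field>://...
CONNECT_RE = re.compile(r"^siebel\.([^.]+)\.([^.]+)\.[^.:/]+://", re.I)

def audit_eapps(text):
    """Return (section, finding) tuples for the SSL settings in eapps.cfg text."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cfg.optionxform = str  # keep parameter names exactly as written
    cfg.read_string(text)
    if not cfg.has_section("connmgmt"):
        return [("connmgmt", "section missing: SSL is not configured for this SWSE")]
    findings = []
    for flag in ("PeerAuth", "PeerCertValidation"):
        # Both parameters are false by default, so a missing entry counts as FALSE.
        if cfg["connmgmt"].get(flag, "FALSE").strip().upper() != "TRUE":
            findings.append(("connmgmt", f"{flag} is not TRUE"))
    for section in cfg.sections():
        value = cfg[section].get("ConnectString")
        if value is None:
            continue
        m = CONNECT_RE.match(value.strip())
        if not m:
            findings.append((section, "ConnectString is not in siebel.x.y.z:// form"))
        elif m.group(1).lower() != "ssl":
            findings.append((section, f"communications type is {m.group(1)}, not ssl"))
        elif m.group(2).lower() != "none":
            findings.append((section, f"encryption type is {m.group(2)}, not None"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_eapps(SAMPLE_EAPPS_CFG):
        print(f"[{section}] {finding}")
```

On the constructed sample, the check reports PeerCertValidation in [connmgmt] and the TCPIP ConnectString in [/callcenter_enu].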

Deploying SSL for SWSE

To deploy SSL for SWSE, you first configure a SWSE logical profile using the Siebel Configuration Wizard (Siebel Enterprise Configuration Wizard). During this stage, you specify the values for deployment of SSL on the SWSE. You then apply the SWSE logical profile to the installed instance of the SWSE using the SWSE Configuration Wizard. The following procedure describes both of these steps.

To enable SSL encryption for the SWSE

  1. Before you begin, obtain and install the necessary certificate files you require if you are configuring SSL authentication.
  2. Launch the Siebel Configuration Wizard, as described in Siebel Installation Guide for the operating system you are using.
  3. Specify whether you want to configure the product in live mode or offline mode.
  4. Select Create New Configuration.
  5. Select the option Configure a New Siebel Web Server Extension Logical Profile.
  6. Configure other values for the SWSE logical profile, as described in Siebel Installation Guide for the operating system you are using, until the Deploy SSL in the Enterprise screen appears.
  7. Select the check box, Deploy Secure Socket Layer (SSL) in the Enterprise, to enable SSL communications between the Web server and the Siebel Server.
  8. Specify the names of the certificate file and of the certificate authority file.

    The equivalent parameters in the eapps.cfg file are CertFileName and CACertFileName.

  9. Specify the name of the private key file, and the password for the private key file, then confirm the password. The password you specify is stored in encrypted form.

    The equivalent parameters in the eapps.cfg file that the SWSE logical profile applies to the installed SWSE are KeyFileName and KeyFilePassword.

  10. Specify whether you require peer authentication.

    Peer authentication means that the SWSE authenticates the Siebel Server whenever a connection is initiated. Peer authentication is false by default.

    NOTE:  If peer authentication is set to TRUE on the SWSE, the Siebel Server is authenticated, provided that the SWSE has the certifying authority's certificate to authenticate the Siebel Server's certificate. If you deploy SSL, it is recommended that you set PeerAuth to TRUE to obtain maximum security.

    The equivalent parameter in the eapps.cfg file that the SWSE logical profile applies to the installed SWSE is PeerAuth.

  11. Specify whether you require peer certificate validation.

    Peer certificate validation performs reverse-DNS lookup to independently verify that the hostname of the Siebel Server computer matches the hostname presented in the certificate. Peer certificate validation is false by default.

    The equivalent parameter in the eapps.cfg file that the SWSE logical profile applies to the installed SWSE is PeerCertValidation.

  12. Review the settings. If the settings are correct, execute the configuration and proceed to Step 13.
  13. Using the SWSE Configuration Wizard, apply the SWSE logical profile to each SWSE in your Siebel environment for which you want to secure communication using SSL.

    For information on applying the SWSE logical profile, see the Siebel Installation Guide for the operating system you are using.

  14. For each AOM that will connect to the SWSE using SSL, modify the ConnectString parameter.

    For information on modifying the ConnectString parameter, see About Configuring SSL Encryption for SWSE.

Make sure you also configure each Siebel Server in your environment, as described in Configuring SSL Encryption for the Siebel Enterprise or a Siebel Server.

Siebel Security Guide Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices.