Generating a CMS Key Database Using IBM GSKit

This topic describes how to generate a Cryptographic Message Syntax (CMS) key database using the IBM GSKit. Before you attempt this task, make sure that you carry out the tasks described in Configuring the IBM GSKit. This task is a step in Process of Installing and Configuring LDAP Client Software.

By enabling SSL for the Siebel LDAP security adapter, a secure connection is established between the Siebel application and its LDAP server. For information on enabling SSL for an LDAP server, see your third-party LDAP server administration documentation. This topic assumes that the LDAP server is already SSL-enabled (that is, it accepts SSL connections).

To enable SSL for the Siebel LDAP security adapter, a certificate database file must be installed on the Siebel Server computer where AOMs or other components run that must support LDAP authentication through the LDAP security adapter. The LDAP security adapter must connect to the LDAP server using a port that accepts SSL connections.

The Siebel LDAP security adapter is built on top of the IBM LDAP Client. The IBM LDAP Client requires that the certificate database file uses the CMS key database format. You can generate a CMS key database using IBM GSKit. The rest of this topic provides detailed instructions for generating a CMS key database and enabling SSL for the Siebel LDAP security adapter.

Generating a CMS Key Database

The CMS key database must contain CA certificates of those Certificate Authorities that have issued server certificates to LDAP servers. For example, assume that the Siebel Server is configured to authenticate against LDAP server LDAPserver1:392. The server certificate for this LDAP server is issued by the certificate server evlab1. Therefore, the CMS key database only has to contain a CA certificate for CERTserver1. It does not have to contain a server certificate for LDAPserver1. If the Siebel Server is configured to authenticate against another LDAP server that gets its server certificate from CERTserver1, you do not have to update the CMS key database.

After installing and configuring the IBM GSKit on your computer, use the following procedure to configure IBM GSKit to support CMS key databases, and to generate a CMS key database.

To configure IBM GSKit to support CMS key databases
NOTE: For LDAP servers that have their server certificate issued from a new CA, just add the CA certificate to the CMS key database, instead of creating a new CMS key database for every LDAP server.

Enabling SSL for Siebel LDAP Security Adapter

Use the procedure below to configure SSL for the Siebel LDAP security adapter. For more information about LDAP security adapter configuration, see Process of Implementing LDAP or ADSI Security Adapter Authentication.

To enable SSL for the Siebel LDAP security adapter
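The trust rule from Generating a CMS Key Database can be checked before any CA certificate is imported. The following is an added example, not part of the Siebel documentation or its procedures, and it uses OpenSSL rather than GSKit: it builds a throwaway lab PKI and tests which LDAP server certificates validate against the CERTserver1 CA certificate alone. LDAPserver2, LDAPserver3 and OtherCA are assumed names, and every key and certificate is constructed locally.

```shell
#!/bin/sh
# Added example: constructed lab PKI, nothing here comes from a real deployment.
# CERTserver1 and LDAPserver1 follow the page's example; the other names are assumptions.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # the generated private keys are disposable

# make_ca NAME: create a self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA HOST: issue a server certificate HOST.pem signed by CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
        -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA HOST: succeed only if HOST's certificate validates
# when CA's certificate is the only trusted certificate supplied
chains_to() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca CERTserver1
make_ca OtherCA
issue_cert CERTserver1 LDAPserver1   # the page's example server
issue_cert CERTserver1 LDAPserver2   # second server, same CA: no key database update
issue_cert OtherCA     LDAPserver3   # server certificate issued from a new CA

for host in LDAPserver1 LDAPserver2 LDAPserver3; do
    if chains_to CERTserver1 "$host"; then
        echo "$host: trusted with the CERTserver1 CA certificate only"
    else
        echo "$host: not trusted, add its issuing CA certificate to the key database"
    fi
done
```

Against a live server, the same `openssl verify -CAfile` check applies to the server certificate exported from the LDAP server, using the CA certificate you intend to import.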
Siebel Security Guide | Copyright © 2011, Oracle and/or its affiliates. All rights reserved.