| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications > Communications and Data Encryption > Configuring for Encryption >
Configuring Siebel Enterprise for Microsoft Crypto or RSA Encryption
This section describes how to configure your Siebel Enterprise to use Microsoft Crypto or RSA encryption for SISNAPI (Siebel Internet Session API) communications between the Siebel Server and the Siebel Web Server Extension, and between Siebel Servers.
You also use the Siebel Software Configuration Wizard to configure the Siebel Web Server Extension. After you configure the Siebel Enterprise as described below, repeat this procedure for the Siebel Web Server Extension, setting the same encryption type.
To enable Microsoft Crypto or RSA encryption for the Siebel Enterprise
- Start the Siebel Software Configuration Wizard.
This utility appears when you first install the Siebel Enterprise, or you can launch it directly. For more information, see Siebel Server Installation Guide for the operating system you are using.
- Page to the Encryption Type screen in the utility and choose one of the following encryption settings:
- MSCRYPTO. Microsoft encryption protocol for communications between Siebel components (option available on Microsoft Windows platforms only).
- RSA. A required protocol if you are using the RSA Security Systems 128-bit strong encryption feature for Siebel components.
- NONE. Specify this option if you will not use encryption, or if you will use SSL instead of Microsoft Crypto or RSA encryption.
NOTE: For Siebel installations that include both UNIX and Microsoft Windows platforms, it is recommended to use an encryption method supported across platforms, such as RSA or SSL.
- Review the settings, specify to finish configuration, then restart the server.
Key Exchange for Microsoft Crypto or RSA Encryption
If you are using Microsoft Crypto or RSA encryption, the following steps explain how Siebel encryption keys are exchanged between the client (for example, the Web server) and the server (for example, Siebel Server).
- The client generates a private/public key pair. The public key is sent as part of the Hello SISNAPI message to the Siebel Server.
- When the server receives a Hello message, it generates an RC4-based symmetrical session key and encrypts the symmetrical session key using the client's public key from the Hello message. The encrypted session key is sent back to the client as part of the Hello Acknowledge message.
- The client uses its private key to decrypt the server-generated session key. From this point on, both the client and the server use the server-generated session key to encrypt and decrypt messages.
- The session key is good for the lifetime of the connection.
NOTE: If you are using SSL encryption between the Web server and Siebel Server or between Siebel Servers, key exchange is handled through a standard SSL handshake.
| Bookshelf Home | Contents | Index | Search | PDF | |
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |