
Configuring Siebel Web Server Extension for SSL Encryption


This section describes how to configure your Siebel Web Server Extension (SWSE) to use Secure Sockets Layer (SSL) encryption or authentication for SISNAPI communications with Siebel Servers.

Configuring SSL communications between Siebel Servers and the Web server also requires that you configure Siebel Enterprise or Siebel Server to use SSL, as described in Configuring Siebel Enterprise or Siebel Server for SSL Encryption.

Performing this procedure adds parameters to the eapps.cfg file in a new section called [ConnMgmt]. For example, the [ConnMgmt] section might look like this:

[ConnMgmt]
CACertFileName = d:\siebel\admin\cacertfile.pem
CertFileName = d:\siebel\admin\certfile.pem
KeyFileName = d:\siebel\admin\kefile.txt
KeyFilePassword = ^s*)Jh!#7
PeerAuth = FALSE
PeerCertValidation = FALSE

Names for eapps.cfg file parameters mentioned in this procedure correspond to Name Server parameters for Siebel Server.

After running this utility, for any Application Object Manager that will connect to the SWSE using SSL, you must modify the ConnectString parameter to specify SSL as the communications type (TCP/IP is used by default), and none as the encryption type. For example, for Siebel Sales using U.S. English, modify the parameter in the [/sales_enu] section of eapps.cfg to resemble the following:

siebel.ssl.none.none://hostname:2320/siebel/SSEObjMgr_enu/servername

Running the SSL Configuration Utility for SWSE

This section describes running the Siebel Software Configuration Utility (Siebel Web Server Extension SSL).

NOTE:  The prompts for the SSL configuration utility are the same whether you run it in GUI mode (Windows) or console mode (UNIX). However, many of the specific user interface elements are different in these two modes.

CAUTION:  The following procedure must be performed after installing all applicable maintenance releases. For more information, refer to the Maintenance Release Guide for your Siebel products.

To enable SSL encryption for the Siebel Web Server Extension

  1. On the Web server machine, start the Siebel Software Configuration Utility (Siebel Web Server Extension SSL version).

    Windows:

    SWEAPP_ROOT\bin\ssincfgw.exe -l language -f SWEAPP_ROOT\admin\ssleapp.scm -logevents all

    where:

    UNIX:

    cd SWEAPP_ROOT

    For Bourne shell or Korn shell: . ./siebenv.sh

    (Make sure there is a space between the initial period (.) and ./siebenv.sh.)

    For C shell: source siebenv.csh

    cd SWEAPP_ROOT/bin

    ./icfg -l language -f SWEAPP_ROOT/admin/ssleapp.scm -logevents all

    where:

  2. Specify the names of the certificate file and of the certificate authority file.

    The certificate file must use either ASN or PEM format. The certificate authority file identifies the trusted authority who issued the certificate.

    These files are typically located on each SWSE machine for which you configure SSL.

    The equivalent parameters in the eapps.cfg file are CertFileName and CACertFileName.

  3. Specify the name of the private key file, and the password for the private key file, then confirm the password.

    The private key file must use PEM format. This file is typically located on each SWSE machine for which you configure SSL.

    The password you specify will be stored in encrypted form.

    The equivalent parameters in the eapps.cfg file are KeyFileName and KeyFilePassword.

  4. Specify whether you require peer authentication.

    Peer authentication means that the SWSE must authenticate itself with a certificate against the Siebel Server whenever a connection is initiated. Peer authentication is false by default.

    NOTE:  If you set peer authentication for the SWSE, you must also set it for any Siebel Server that will connect to it.

    The equivalent parameter in the eapps.cfg file is PeerAuth.

  5. Specify whether you require peer certificate validation.

    Peer certificate validation performs reverse-DNS lookup to independently verify that the hostname of the SWSE machine matches the hostname presented in the certificate. Peer certificate validation is false by default.

    The equivalent parameter in the eapps.cfg file is PeerCertValidation.

  6. Review the settings, specify to finish configuration, and then restart the Web server.
  7. Repeat this procedure for each Siebel Web Server Extension in your application environment. Make sure you also configure all applicable Siebel Servers.
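
The following check is an added example, not part of the original guide or of Siebel's own tooling. It reads an eapps.cfg after the utility has run and reports [ConnMgmt] parameters that are unset, peer settings left at FALSE, and any ConnectString that does not use ssl as the communications type and none as the encryption type. The sample file is constructed: the /callcenter_enu section, SCCObjMgr_enu and its TCPIP.None.None string are assumptions for illustration.

```python
import configparser
import re

# Constructed sample: the page's [ConnMgmt] example plus a made-up /callcenter_enu section.
SAMPLE = r"""
[ConnMgmt]
CACertFileName = d:\siebel\admin\cacertfile.pem
CertFileName = d:\siebel\admin\certfile.pem
KeyFileName = d:\siebel\admin\kefile.txt
KeyFilePassword = ^s*)Jh!#7
PeerAuth = FALSE
PeerCertValidation = FALSE

[/sales_enu]
ConnectString = siebel.ssl.none.none://hostname:2320/siebel/SSEObjMgr_enu/servername

[/callcenter_enu]
ConnectString = siebel.TCPIP.None.None://hostname:2320/siebel/SCCObjMgr_enu/servername
"""

FILE_KEYS = ("CACertFileName", "CertFileName", "KeyFileName", "KeyFilePassword")
PEER_KEYS = ("PeerAuth", "PeerCertValidation")
# First field = communications type, second = encryption type (per the page).
CONNECT = re.compile(r"^siebel\.([^.]+)\.([^.]+)\.[^.]+://")

def audit_eapps(text):
    """Return (section, message) findings for the SSL settings in eapps.cfg."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cfg.read_string(text)
    if not cfg.has_section("ConnMgmt"):
        return [("ConnMgmt", "section is missing")]
    conn, findings = cfg["ConnMgmt"], []
    for key in FILE_KEYS:
        if not conn.get(key, "").strip():
            findings.append(("ConnMgmt", f"{key} is not set"))
    for key in PEER_KEYS:
        if conn.get(key, "FALSE").strip().upper() != "TRUE":
            findings.append(("ConnMgmt", f"{key} is FALSE"))
    for name in cfg.sections():
        value = cfg[name].get("ConnectString")
        m = CONNECT.match(value.strip()) if value else None
        if value and m is None:
            findings.append((name, "ConnectString is not in the expected form"))
        elif m and (m.group(1).lower(), m.group(2).lower()) != ("ssl", "none"):
            findings.append((name, f"ConnectString uses {m.group(1)}.{m.group(2)}, expected ssl.none"))
    return findings

if __name__ == "__main__":
    print(*audit_eapps(SAMPLE), sep="\n")
```

Run against the constructed sample, it reports both peer settings and the /callcenter_enu section that was not switched to SSL.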


 Security Guide for Siebel eBusiness Applications 
 Published: 23 June 2003