Siebel Security Guide > Communications and Data Encryption >

Installing Certificate Files

This topic describes how to install certificate files on Microsoft Windows and on Unix operating systems. For information on using certificate files and SSL and TLS authentication, see About Certificates and Key Files Used for SSL or TLS Authentication.

This task is a step in Process of Configuring Secure Communications.

About Installing Certificate Files on Windows

If you have enabled Oracle's Siebel Open UI, and if you are not using Internet Explorer to run your Siebel application, see your browser documentation for information on installing certificate files.

If you are using a Siebel high-interactivity or standard-interactivity client, then you import certificate authority files and certificate files using Microsoft Internet Explorer's Certificate Import Wizard. For information on how to use this wizard, see the Microsoft documentation.

About Installing Certificate Files on UNIX

If you are using a UNIX operating system, then refer to the following for information on obtaining certificate authority files and certificate files:

  • SSL or TLS encryption for Web client connections to the Web server. Refer to your Web server documentation for information on encrypting data transmission and on certificate requirements.
  • SSL or TLS Encryption for SISNAPI connections. Obtain the required certificate files and locate them on a local volume; they do not have to be installed.
  • SSL encryption for connection to LDAP directories or to Active Directory. The LDAP security adapter uses the IBM GSKit to handle the installation of certificates. For information on the IBM GSKit, see Creating a Wallet for Certificate Files When Using LDAP Authentication with SSL.
  • Communications encryption between the Siebel Server and the Database Server. Refer to your third-party RDBMS vendor for information on configuring communications encryption and certificate requirements.

Installing Certificate Files on UNIX for Client Authentication

When using the EAI HTTP Transport business service with the SSL protocol, you might have to install certificate files, for example, if you want to enable client authentication. If you are using a UNIX-based operating system, then Siebel Business Applications provide a utility, the mwcontrol utility, that enables you to install on your Siebel Server and SWSE computers the certificate authority and certificate files required when using EAI HTTP Transport with SSL. For information on client authentication, see Configuring SSL Mutual Authentication.

The following procedure describes how to use the mwcontrol utility to install certificate files. Execute the mwcontrol utility on each Siebel Server and SWSE computer where you want to install client authentication certificate files.

NOTE:  When you use the mwcontrol utility to install a certificate file, the certificate file must be located on a local volume. You cannot use the mwcontrol utility to install certificate files that are located on a network-attached storage (NAS) device or other remote volume.

To invoke the mwcontrol utility and install certificate files

  1. Depending on the type of UNIX operating system you use, enter the following commands:
    • For Bourne shell or Korn shell:

    . ./

    • For C shell:

    source siebenv.csh

  2. Set your DISPLAY environment variable to the IP address of the computer that hosts the mwcontrol utility:
    • For Bourne shell or Korn shell:

    export DISPLAY ipaddress of the computer that hosts the mwcontrol utility:0.0

    • For C shell:

    setenv DISPLAY ipaddress of the computer that hosts the mwcontrol utility:0.0

    If you are using an X-Windows client, then 00 is the connection identifier.

  3. To invoke the mwcontrol utility, execute the following command:

    mwcontrol $SIEBSRVR_ROOT/mw/lib/inetcpl.cpl

    where $SIEBSRVR_ROOT is the Siebel Server installation directory.

    Alternatively, if you are running this procedure on your SWSE computer, then replace $SIEBSRVR_ROOT with the location of the SWSE installation directory.

    The wizard appears.

  4. Select the Content tab, then click the Certificates button.

    The Certificate Manager appears.

  5. Select the tab that corresponds to the type of certificate you want to install.

    For example to install a certifying authority certificate, select Trusted Root Certification Authorities tab.

  6. Click Import to display the Certificate Manager Import Wizard, then click Next to navigate to the location where you stored the certificate file you want to install.
  7. Select the certificate, and click Next.
  8. Select the check box Automatically select the certificate store based on the type of certificate, then click Next.
  9. Click Next, then Finish to complete the installation, and terminate the execution of the mwcontrol utility.

    Note the following points about your application's configuration file before you modify it in Step 10:

    • The configuration files for a client are stored in the client's bin\LANGUAGE directory, where LANGUAGE represents an installed language pack, such as ENU for U.S. English.
    • When synchronization is performed within an application (using File, Synchronize, and then Database), configuration is read from the configuration file associated with the application (for example, siebel.cfg for Siebel Sales).

      For more information about working with the Siebel application configuration files, see Siebel System Administration Guide.

  10. Locate the DockConnString parameter in the [Local] section of the file.

    This parameter specifies the name of the Siebel Server used to synchronize with the client. It has the following format:


    Encryption is the fifth element in the DockConnString parameter. This element indicates the type of encryption used during synchronization.

    An example of a DockConnString parameter value is as follows:


  11. Override the default NONE and set encryption to MSCRYPTO or RSA.

    The encryption you specify must match the encryption used by the Siebel Server. If no value is specified (or the value is NONE), then encryption is not enabled. For example, to configure for RSA encryption, use one of the following:

  12. Save your changes and exit the file.

    For more information about editing configuration files for Siebel Remote and Mobile Web Clients, see Siebel Remote and Replication Manager Administration Guide and Siebel System Administration Guide.

  13. Restart the Siebel Server or SWSE computer on which you installed the certificate file.
Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.