Creating a Wallet for Certificate Files When Using LDAP Authentication with SSL
If you are using LDAP authentication with SSL, then you must use Oracle Wallet Manager to create a wallet to store the certificates required for SSL communications. This topic describes how to create the wallet, and how to enable SSL for the Siebel LDAP security adapter. For detailed information on using Oracle Wallet Manager, see Oracle® Database Advanced Security Administrator's Guide.
Enabling SSL for the Siebel LDAP security adapter establishes a secure connection between the Siebel application and the LDAP server. For information on enabling SSL for an LDAP server, refer to your third-party LDAP server administration documentation. This topic assumes that the LDAP server is already SSL-enabled, that is, it accepts SSL connections.
This task is a step in Process of Installing and Configuring LDAP Client Software.
Generating an Oracle Wallet
To enable SSL for the Siebel LDAP security adapter, an Oracle wallet must be created on the Siebel Server computer that runs the Application Object Managers or other components that must support LDAP authentication through the LDAP security adapter. The Oracle wallet must contain the certificates of the Certificate Authorities (CAs) that issued the server certificates of your LDAP servers. Use the following procedure to create an Oracle wallet.
To create an Oracle wallet
1. Determine which Certificate Authorities issued the server certificate for your LDAP server and obtain this CA certificate.
2. Copy the CA certificate to the computer where you have installed Oracle Wallet Manager.
3. On the Siebel Server computer where you will run the Application Object Manager components that support LDAP authentication, create an Oracle wallet using Oracle Wallet Manager.
   To create the wallet, follow the detailed instructions in Oracle® Database Advanced Security Administrator's Guide. Specify the following values:
   a. In the New Wallet dialog box, enter a password for the wallet in the Wallet Password field, then reenter the password in the Confirm Password field.
   b. From the Wallet Type list, select Standard, then click OK.
      A new empty wallet is created.
   c. When prompted to specify whether or not you want to add a certificate request, select No.
      You return to the Oracle Wallet Manager main window.
   d. Save the wallet by selecting Wallet, then Save In System Default to save the wallet file to the default directory location:
4. Import the certificate referred to in Step 2 into the wallet you have created.
   You can import as many CA certificates as required. For information on importing certificates, see Oracle® Database Advanced Security Administrator's Guide.
NOTE: For LDAP servers that have their server certificate issued from a new CA, just add the CA certificate to the existing wallet, instead of creating a new wallet for every LDAP server.
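As a check to run before the import step, the following added example (not part of the Siebel or Oracle documentation) uses the OpenSSL command line, a tool this guide does not cover, to confirm that a candidate CA certificate actually issued the LDAP server certificate. The certificates, file names and the host name ldap.example.test are constructed for the demonstration, and the function names are hypothetical.

```shell
# Added example (not from the Siebel or Oracle documentation).
# Checks that a candidate CA certificate is the issuer of an LDAP server
# certificate before the CA certificate is imported into the wallet.

# Print the issuer DN of a PEM certificate (tells you which CA to obtain).
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# Return 0 only if server certificate $2 chains to CA certificate $1.
# -no-CApath keeps the system CA directory out of the decision.
ca_issued_cert() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build constructed sample material in directory $1: a demo CA, a server
# certificate it signs, and an unrelated CA. All names are made up.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/srv.csr" \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/srv.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    cert_issuer "$tmp/srv.pem"
    for ca in ca.pem other.pem; do
        if ca_issued_cert "$tmp/$ca" "$tmp/srv.pem"; then
            echo "$ca: issued the server certificate, import it"
        else
            echo "$ca: did not issue the server certificate, do not import"
        fi
    done
    rm -rf "$tmp"
}
demo
```

Run the same ca_issued_cert check with the real CA certificate and the LDAP server certificate (both as PEM files) before importing the CA certificate into the wallet.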
Enabling SSL for the Siebel LDAP Security Adapter
Use the procedure below to configure SSL for the Siebel LDAP security adapter. For more information about LDAP security adapter configuration, see Configuring LDAP or ADSI Security Adapters Using the Siebel Configuration Wizard.
To enable SSL for the Siebel LDAP security adapter
1. Copy the wallet you created in Generating an Oracle Wallet to the Siebel Server computer where you will run the Application Object Manager components that support LDAP authentication.
2. Modify the LDAP security adapter configuration parameters using values similar to those shown in the following table.
| Parameter | Value |
|---|---|
| port | port_number. The SSL port is configurable for the LDAP server. Verify the actual port number the LDAP server is using for SSL and specify that value. The default value is 636. |
| ssldatabase | wallet_directory_path. Specify the absolute path to the wallet directory, for example: file: c:\sslwallet where file is the wallet resource locator type and c:\sslwallet is the directory containing the wallet. |
| WalletPassword | wallet_password. Specify the password you assigned to the wallet in Step a. |
   For information on configuring parameters for the LDAP security adapter, see Parameters for LDAP or ADSI Authentication.
3. Restart the Siebel Server (if you are configuring LDAP on a Siebel Server).