Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01
This topic describes how to install certificate files on Microsoft Windows and on Unix operating systems. For information on using certificate files, see "About Certificates and Key Files Used for TLS Authentication".
This task is a step in "Process of Configuring Secure Communications".
If you have enabled Oracle's Siebel Open UI, and if you are not using Internet Explorer to run your Siebel application, see your browser documentation for information on installing certificate files.
If you are using a Siebel high-interactivity or standard-interactivity client, then you import certificate authority files and certificate files using Microsoft Internet Explorer's Certificate Import Wizard. For information on how to use this wizard, see the Microsoft documentation.
If you are using a UNIX operating system, then refer to the following for information on obtaining certificate authority files and certificate files:
TLS encryption for Siebel Web Client connections to the Web server. Refer to your Web server documentation for information on encrypting data transmission and on certificate requirements.
TLS Encryption for SISNAPI connections. Obtain the required certificate files and locate them on a local volume; they do not have to be installed.
TLS encryption for connections to LDAP directories or to Active Directory. The LDAP security adapter uses Oracle Wallet Manager to handle the installation of certificates. For information, see "Creating a Wallet for Certificate Files When Using LDAP Authentication with TLS".
Communications encryption between the Siebel Server and the Database Server. Refer to your third-party RDBMS vendor for information on configuring communications encryption and certificate requirements.
When using the EAI HTTP Transport business service with the TLS protocol, you might have to install certificate files, for example, if you want to enable client authentication. For information on client authentication, see "Configuring TLS Mutual Authentication".
If you are using a UNIX-based operating system, then Siebel Business Applications provide a utility, the mwcontrol utility, that enables you to install on your Siebel Server and SWSE computers the certificate authority and certificate files required when using EAI HTTP Transport with TLS.
When you use the mwcontrol utility to install a certificate file, the certificate file must be located on a local volume. You cannot use the mwcontrol utility to install certificate files that are located on a network-attached storage (NAS) device or other remote volume.
The following procedure describes how to use the mwcontrol utility to install certificate files. Execute the mwcontrol utility on each Siebel Server and SWSE computer where you want to install client authentication certificate files.
To invoke the mwcontrol utility and install certificate files
Depending on the type of UNIX operating system you use, enter the following commands:
For Bourne shell or Korn shell:
. ./siebenv.sh
For C shell:
source siebenv.csh
Set your DISPLAY environment variable to the IP address of the computer that hosts the mwcontrol utility:
For Bourne shell or Korn shell:
DISPLAY=ip_address:0.0; export DISPLAY
For C shell:
setenv DISPLAY ip_address:0.0
where ip_address is the IP address of the computer that hosts the mwcontrol utility. If you are using an X-Windows client, then 0.0 is the connection identifier.
To invoke the mwcontrol utility, execute the following command:
mwcontrol $SIEBSRVR_ROOT/mw/lib/inetcpl.cpl
where $SIEBSRVR_ROOT is the Siebel Server installation directory.
Alternatively, if you are running this procedure on your SWSE computer, then replace $SIEBSRVR_ROOT with the location of the SWSE installation directory.
The wizard appears.
Select the Content tab, then click the Certificates button.
The Certificate Manager appears.
Select the tab that corresponds to the type of certificate you want to install.
For example, to install a certifying authority certificate, select the Trusted Root Certification Authorities tab.
Click Import to display the Certificate Manager Import Wizard, then click Next to navigate to the location where you stored the certificate file you want to install.
Select the certificate, and click Next.
Select the check box Automatically select the certificate store based on the type of certificate, then click Next.
Click Next, then Finish to complete the installation, and terminate the execution of the mwcontrol utility.
Note the following points about your application's configuration file before you modify it in Step 10:
The configuration files for a client are stored in the client's bin\LANGUAGE directory, where LANGUAGE represents an installed language pack, such as ENU for U.S. English.
When synchronization is performed within an application (using File, Synchronize, and then Database), configuration is read from the configuration file associated with the application (for example, siebel.cfg for Siebel Sales).
For more information about working with the Siebel application configuration files, see Siebel System Administration Guide.
Locate the DockConnString parameter in the [Local] section of the file.
This parameter specifies the name of the Siebel Server used to synchronize with the client. It has the following format:
siebel_server_name:network_protocol:sync_port_#:service:encryption
Encryption is the fifth element in the DockConnString parameter. This element indicates the type of encryption used during synchronization.
An example of a DockConnString parameter value is as follows:
APPSRV:TCPIP:40400:SMI:RSA
Override the default NONE and set encryption to MSCRYPTO or RSA.
The encryption you specify must match the encryption used by the Siebel Server. If no value is specified (or the value is NONE), then encryption is not enabled. For example, to configure for RSA encryption, use one of the following:
APPSRV:TCPIP:40400:DOCK:RSA
APPSRV::RSA
Save your changes and exit the file.
For more information about editing configuration files for Siebel Remote and Mobile Web Clients, see Siebel Remote and Replication Manager Administration Guide and Siebel System Administration Guide.
Restart the Siebel Server or SWSE computer on which you installed the certificate file.
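The DockConnString encryption element described above can be checked across client configuration files before rollout. The following is an added example, not Oracle's code; it assumes INI-style files with ';' or '#' comment lines and case-insensitive keywords, uses constructed sample files, and parses only the full five-element form, so abbreviated values such as APPSRV::RSA are reported for manual review.

```python
# Added example: audit the encryption element of DockConnString in client .cfg text.
# Assumptions: INI-style layout, ';' or '#' comment lines, case-insensitive matching.
ENCRYPTED = {"MSCRYPTO", "RSA"}          # values the page names as enabling encryption

def dock_conn_strings(cfg_text, section="Local"):
    """Return every DockConnString value found in the given section."""
    found, current = [], None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "dockconnstring":
                found.append(value.strip())
    return found

def classify(value):
    """Map one DockConnString to ENCRYPTED:<type>, UNENCRYPTED or REVIEW."""
    fields = [f.strip() for f in value.split(":")]
    if len(fields) != 5:
        return "REVIEW"                  # abbreviated or malformed: check by hand
    enc = fields[4].upper()
    if enc in ENCRYPTED:
        return "ENCRYPTED:" + enc
    if enc in ("", "NONE"):
        return "UNENCRYPTED"             # page: no value or NONE means no encryption
    return "REVIEW"                      # unknown encryption keyword

def audit(configs):
    """configs maps a file label to its text; returns (label, value, verdict) rows."""
    rows = []
    for label, text in sorted(configs.items()):
        values = dock_conn_strings(text)
        if not values:
            rows.append((label, None, "REVIEW"))   # no DockConnString in [Local]
        rows.extend((label, v, classify(v)) for v in values)
    return rows

# Constructed sample files (not taken from a real installation).
SAMPLES = {
    "siebel.cfg": "[Siebel]\nAppName = x\n[Local]\nDockConnString = APPSRV:TCPIP:40400:DOCK:RSA\n",
    "constructed_none.cfg": "[Local]\n; sync server\nDockConnString = APPSRV:TCPIP:40400:DOCK:NONE\n",
    "constructed_short.cfg": "[Local]\nDockConnString = APPSRV::RSA\n",
}

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(*row, sep="\t")
```

Any row marked UNENCRYPTED or REVIEW should be compared against the encryption configured on the Siebel Server, because the two must match.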
The following procedure shows you how to set an HTTP proxy on UNIX using the mwcontrol utility. A proxy server is a computer that acts as an intermediary between a user's computer and the Internet. A proxy server allows client computers to make indirect network connections to other network services.
To set HTTP proxy for UNIX using the mwcontrol utility
Change directory to Siebel root bin as follows:
cd $SIEBEL_ROOT/mw/bin
Enter the following command:
mwcontrol $SIEBEL_ROOT/mw/lib/inetcpl.cpl
The Internet Properties window opens.
In the Internet Properties window, click the Connections tab, and then enter the proxy server address and port. For example:
Address: www.proxyservername.com
Port: 80
Proxy server details are specific to an organization.