Siebel CRM Siebel Security Guide Siebel Innovation Pack 2016, Rev. A E24814-01 |
|
Previous |
Next |
View PDF |
This topic describes how to upgrade Siebel Business Applications to 128-bit, 192-bit, or 256-bit encryption.
You can upgrade the key database file to use AES encryption provided you have implemented Siebel Strong Encryption as described in "Implementing Siebel Strong Encryption". Table 4-4 shows the supported data encryption upgrade scenarios.
Table 4-4 Supported Encryption Upgrade Scenarios
Encryption Level to Upgrade from | Upgrade to 256-bit AES Encryption |
---|---|
No encryption |
Yes |
Standard Encryptor encryption |
Yes |
56-bit RC2 encryption |
Yes |
128-bit RC2 encryption |
Yes |
128-bit AES encryption |
Yes |
192-bit AES encryption |
Yes |
The following procedure describes how you upgrade the key database file to use a higher level of encryption.
To upgrade the key database file to use a higher level of encryption
Implement Siebel Strong Encryption as described in "Implementing Siebel Strong Encryption".
Make sure that the Siebel Gateway Name Server and Siebel Servers within the Siebel Enterprise are running.
On the Siebel Server where the Siebel Strong Encryption files are located, open a command-line window and navigate to the following directory:
SIEBEL_ROOT\siebsrvr\bin
Execute the appropriate command:
On Windows:
keydbupgrade.exe /u db_username /p db_password /l language /c config_file
On UNIX:
keydbupgrade /u db_username /p db_password /l language /c config_file
The following table describes the flags and parameters for the keydbupgrade command.
Flag | Parameter | Description |
---|---|---|
/u |
db_username | User name for the database user |
/p |
db_password | Password for the database user |
/l |
language | Language type |
/c |
config_file | Full path to the application configuration file, such as siebel.cfg for Siebel Sales |
When prompted, enter the key length you are upgrading from. If you have not implemented encryption before, then select 56-bit encryption.
Select the key length to upgrade to.
Enter the key database manager password.
The utility upgrades the encryption level to the level you specified in 6. For information about the key database manager password, see "Managing the Key File Using the Key Database Manager".
To verify that the encryption level has been upgraded, note if the timestamp for keyfile.bin matches the time when you executed the keydbupgrade utility.
After you verify that the encryption level has been upgraded, perform the following tasks in the order listed:
Add a new encryption key.
For information, see "Adding New Encryption Keys".
Change the Siebel administrator password so that it is reencrypted using the new encryption algorithm provided by Siebel Strong Encryption.
For information on this task, refer to one of the following topics:
"Changing System Administrator Passwords on Microsoft Windows". After changing the password, delete the Siebel Server system service and re-create it using the new password.
Reencrypt Gateway Name Server parameters that are encrypted in the siebns.dat file.
For information, see "Reencrypting Password Parameters in the Siebns.dat File".
Distribute the key file (keyfile.bin
) that contains the increased encryption level to the other Siebel Servers in your Siebel Enterprise. Place it in the same directory on each Siebel Server, that is:
SIEBEL_ROOT\siebsrvr\admin\
Upgrade existing encrypted data to use the new encryption level.
For information on this task, see "About Upgrading Data to a Higher Encryption Level".