Siebel CRM Siebel Security Guide Siebel Innovation Pack 2017, Rev. A E24814-01 |
|
![]() Previous |
![]() Next |
View PDF |
When you configure TLS authentication for a Siebel Enterprise, Siebel Server, or Siebel Application Interface, you specify parameter values that indicate the names of certificate files, certificate authority files, and private key files on the computers that host these components. The certificate files you use for this purpose can be issued by and obtained from third-party certificate authorities. Certificate authority files identify the third-party certificate authority who issued the certificate.
Certificate files must adhere to the following requirements:
Use a supported certificate file format:
On Microsoft Windows environments, certificate authority files can use either ASN (Abstract Syntax Notation) or PEM (Privacy Enhanced Mail) format.
The ASN.1 format is also referred to as the Distinguished Encoding Rules (DER) format. Rename certificate files in DER format to have the file extension .asn.
On UNIX environments, certificate authority files must use the PEM (Base 64 encoded X.509) format. Certificate files in ASN format cannot be used in UNIX environments.
Private key files must use the PEM format.
The certificate file must use the file extension that corresponds to the certificate file format in use: .pem for the PEM format and .asn for the ASN format. You can convert PEM-based certificate files to the ASN-based format.
Certificate files on each computer must be unique and belong to that computer if Enable Peer Authentication parameter is set to TRUE on the remote computer.
If an intermediate certification authority is used, then both the intermediate and the root certificate authority certificates must be in the same file. You specify the name of this file in the Certificate Authority (CA) Certificate File Name parameter when you configure TLS for communication between Siebel components.
Certificate files and private key files are typically installed on each computer that hosts a component or module for which you configure TLS, such as the Siebel Server or Siebel Application Interface. You do not have to authenticate or encrypt communications between components on the same computer. For information on installing certificate files, see "Installing Certificate Files".
A certificate authority certifies ownership of the public and private key pairs that are used to encrypt and decrypt TLS communications. Messages are encrypted with the public key and decrypted with the private key. The certificate key size refers to the size, in bits, of the encryption key provided with the certificate.
For TLS authentication in a Siebel Enterprise, Siebel Server, or Siebel Application Interface, Siebel Business Applications support certificates that use an encryption key size of 1024 bits by default. You can use a higher encryption key size, such as 2048 or 4096 bits, as well.
The size of the certificate key supported depends on the components for which you are configuring TLS communications. Table 4-1 shows the certificate key sizes supported for communications between different components in a Siebel Business Applications deployment.
Table 4-1 Encryption Key Sizes Supported For TLS Certificates
TLS Communication Type | Supported Key Size |
---|---|
TLS communications Communications between the Siebel Server and the Web server (Siebel Application Interface), and between Siebel Servers. |
1024-bit certificate keys are supported by default. Certificate key sizes larger than 1024 bits, such as 2048-bit or 4096-bit keys, are also supported. |
TLS communications between Web clients and the Web server. |
The acceptable protocols and key sizes are determined by the underlying operating system and Web server software. In most cases, these systems support larger private key sizes. |
TLS communications between developer clients (including Siebel Tools) and components in the Siebel environment. |
1024-bit certificate keys only are supported. |
TLS communications between the Siebel Server and the Siebel database. |
The key size supported is determined by the third-party database used and database client software. |
TLS communications between Siebel security adapters and external directory servers. |
These connections can support larger bit sizes for certificate keys. |
TLS communications for Web services. |
Web services support up to 4096-bit certificate keys. |