Installing Certificate Files

This topic describes how to install certificate files on Microsoft Windows and on Unix operating systems, and includes information about the following:

• "About Installing Certificate Files on Windows"

• "About Installing Certificate Files on UNIX"

• "Installing Certificate Files on UNIX for Client Authentication"

• "Setting HTTP Proxy for UNIX Using the mwcontrol Utility"

For information on using certificate files, see "About Certificates and Key Files Used for TLS Authentication".

This task is a step in "Process of Configuring Secure Communications".

About Installing Certificate Files on Windows

If you have enabled Oracle's Siebel Open UI, and if you are not using Internet Explorer to run your Siebel application, see your browser documentation for information on installing certificate files.

About Installing Certificate Files on UNIX

If you are using a UNIX operating system, then refer to the following for information on obtaining certificate authority files and certificate files:

• TLS Encryption for Siebel component connections. Obtain the required certificate files and locate them on a local volume; they do not have to be installed.

• TLS encryption for connections to LDAP directories. The LDAP security adapter uses Oracle Wallet Manager to handle the installation of certificates. For information, see "Creating a Wallet for Certificate Files When Using LDAP Authentication with TLS".

• Communications encryption between the Siebel Server and the Database Server. Refer to your third-party RDBMS vendor for information on configuring communications encryption and certificate requirements.

Installing Certificate Files on UNIX for Client Authentication

When using the EAI HTTP Transport business service with the TLS protocol, you might have to install certificate files, for example, if you want to enable client authentication. For information on client authentication, see "Configuring TLS Mutual Authentication for SHA-2 Certificates Using EAI HTTP Transport".

If you are using a UNIX-based operating system, then Siebel Business Applications provide a utility, the mwcontrol utility, that enables you to install on your Siebel Server the certificate authority and certificate files required when using EAI HTTP Transport with TLS.

When you use the mwcontrol utility to install a certificate file, the certificate file must be located on a local volume. You cannot use the mwcontrol utility to install certificate files that are located on a network-attached storage (NAS) device or other remote volume.

The following procedure describes how to use the mwcontrol utility to install certificate files. Execute the mwcontrol utility on each Siebel Server and Siebel Application Interface computer where you want to install client authentication certificate files.

To invoke the mwcontrol utility and install certificate files 

1. Depending on the type of UNIX operating system you use, enter the following commands:

   • For Bourne shell or Korn shell:

     . ./siebenv.sh
     

   • For C shell:

     source siebenv.csh
     

2. Set your DISPLAY environment variable to the IP address of the computer that hosts the mwcontrol utility:

   • For Bourne shell or Korn shell:

     export DISPLAY ipaddress of the computer that hosts the mwcontrol utility:0.0
     

   • For C shell:

     setenv DISPLAY ipaddress of the computer that hosts the mwcontrol utility:0.0
     

   If you are using an X-Windows client, then 00 is the connection identifier.

3. To invoke the mwcontrol utility, execute the following command:

   mwcontrol $SIEBSRVR_ROOT/mw/lib/inetcpl.cpl
   

   where $SIEBSRVR_ROOT is the Siebel Server installation directory.

   The wizard appears.

4. Select the Content tab, then click the Certificates button.

   The Certificate Manager appears.

5. Select the tab that corresponds to the type of certificate you want to install.

   For example to install a certifying authority certificate, select Trusted Root Certification Authorities tab.

6. Click Import to display the Certificate Manager Import Wizard, then click Next to navigate to the location where you stored the certificate file you want to install.

7. Select the certificate, and click Next.

8. Select the check box Automatically select the certificate store based on the type of certificate, then click Next.

9. Click Next, then Finish to complete the installation, and terminate the execution of the mwcontrol utility.

   Note the following points about your application's configuration file before you modify it in 10:

   • The configuration files for a client are stored in the client's bin\LANGUAGE directory, where LANGUAGE represents an installed language pack, such as ENU for U.S. English.

   • When synchronization is performed within an application (using File, Synchronize, and then Database), configuration is read from the configuration file associated with the application (for example, siebel.cfg for Siebel Sales).

     For more information about working with the Siebel application configuration files, see Siebel System Administration Guide.

10. Locate the DockConnString parameter in the [Local] section of the file.

    This parameter specifies the name of the Siebel Server used to synchronize with the client. It has the following format:

    siebel_server_name:network_protocol:sync_port_#:service:encryption
    

    Encryption is the fifth element in the DockConnString parameter. This element indicates the type of encryption used during synchronization.

    An example of a DockConnString parameter value is as follows:

    APPSRV:TCPIP:40400:SMI:RSA
    

11. Override the default NONE and set encryption to RSA.

    The encryption you specify must match the encryption used by the Siebel Server. If no value is specified (or the value is NONE), then encryption is not enabled. For example, to configure for RSA encryption, use one of the following:

    • APPSRV:TCPIP:40400:DOCK:RSA

    • APPSRV::RSA

12. Save your changes and exit the file.

    For more information about editing configuration files for Siebel Remote and Mobile Web Clients, see Siebel Remote and Replication Manager Administration Guide and Siebel System Administration Guide.

13. Restart the Siebel Server or Siebel Application Interface computer on which you installed the certificate file.

Setting HTTP Proxy for UNIX Using the mwcontrol Utility

The following procedure shows you how to set HTTP proxy for UNIX using the mwcontrol utility. A proxy server is a computer that acts as an intermediary between a user's computer and the Internet. A proxy server allows client computers to make indirect network connections to other network services.

To set HTTP proxy for UNIX using the mwcontrol utility 

1. Change directory to Siebel root bin as follows:

   cd $SIEBEL_ROOT/mw/bin
   

2. Enter the following command:

   mwcontrol $SIEBEL_ROOT/mw/lib/inetcpl.cpl
   

3. The Internet Properties window opens.

4. In the Internet Properties window, click the Connections tab, and then enter the proxy server address and port, for example, as follows:

   Address: www.proxyservername.com

   Port: 80

   Proxy server details are specific to an organization.