Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2017, Rev. A
E24814-01

Configuring TLS Encryption for Siebel Enterprise or Siebel Server

This topic describes how to configure a Siebel Enterprise or Siebel Server to use TLS encryption and authentication for communications between Siebel Servers and the Web server (Siebel Application Interface), and between Siebel Servers. Configuring TLS for communications is optional.

This task is a step in "Process of Configuring Secure Communications".

Configuring TLS communications between Siebel Servers and the Web server also requires that you configure the Siebel Application Interface to use TLS. When configuring TLS for Siebel Server and the Siebel Application Interface, you can also configure connection authentication for the relevant modules. In other words, when one module connects to another, each module might be required to authenticate itself to the other using third-party certificates.

Connection authentication scenarios are:

If you select the peer authentication option, mutual authentication is performed.

Configuring a Siebel Enterprise or Siebel Server to use TLS encryption involves the following tasks:

  1. Run the Siebel Management Console for the Siebel Enterprise or Siebel Server and select the appropriate option to deploy TLS.

    This task is described in "Deploying TLS for a Siebel Enterprise or Siebel Server".

  2. For each Application Object Manager that is to use TLS, set the CommType parameter to TLS as appropriate.

    This task is described in "Setting Additional Parameters for Siebel Server TLS".

Deploying TLS for a Siebel Enterprise or Siebel Server

The following procedure describes running the Siebel Management Console to deploy TLS for a Siebel Server or a Siebel Enterprise. Performing this procedure adds parameters to the Siebel Gateway; these parameters can alternatively be set using Siebel Server Manager.


Note:

If you configure TLS for the Siebel Enterprise, then all Siebel Servers in the Enterprise inherit all settings. These settings include the key file name and password and certificate file names. You can run the Siebel Management Console again later to separately configure individual Siebel Servers, at which time you can specify unique key file names or passwords or unique certificate file names. In order to completely configure TLS for your Siebel Servers, you must run this utility.

To enable TLS encryption for the Siebel Server or Enterprise: 

  1. Before you begin, obtain and install the necessary certificate files that you need if you are configuring TLS authentication.

  2. If you are running the Siebel Management Console to configure the Siebel Enterprise, then do the following:

    1. Start the Siebel Management Console and configure values for the Enterprise.

      For information on this task, see Siebel Installation Guide for the operating system you are using.

    2. When the Additional Tasks for Configuring the Enterprise screen appears, select the Enterprise Network Security Encryption Type option.

    3. On the Security Encryption Level or Type screen, select the following option: Using TLS 1.2.

    4. Proceed to Step 4.

  3. Alternatively, to run the Siebel Management Console directly on a Siebel Server computer, do the following:

    1. Start the Siebel Server Management Console directly and configure values for the Siebel Server.

      For information on this task, see Siebel Installation Guide for the operating system you are using.

    2. When the Additional Tasks for Configuring the Siebel Server screen is displayed, select the Server-Specific Security Encryption Settings option.

    3. On the Security Encryption Level or Type screen, select the following option: Using TLS 1.2.

    4. Proceed to Step 4.

  4. Specify the name and location of the certificate file and the certificate authority file.

    The parameters to configure in the Siebel Gateway are:

    • Certificate File Name (CertFileName)

    • Certificate Authority (CA) Certificate File Name

    For more information about these parameters, see Table A-1.

  5. Specify the name of the private key file, and the password for the private key file, then confirm the password. The password you specify is stored in encrypted form.

    The parameters to configure in the Siebel Gateway are:

    • Private Key File Name

    • Private Key File Password

    For more information about these parameters, see Table A-1.

  6. Specify whether or not you want to enable peer authentication.

    Peer authentication means that this Siebel Server authenticates the client (that is, Siebel Application Interface or another Siebel Server) that initiates a connection. Peer authentication is disabled (or false) by default.

    The peer authentication parameter is ignored if TLS is not deployed between the Siebel Server and the client (either the Siebel Application Interface or another Siebel Server). If peer authentication is enabled (set to True) on the Siebel Server, then a certificate from the client is authenticated provided that the Siebel Server has the certifying authority's certificate to authenticate the client's certificate. The client must also have a certificate. If TLS is deployed and the Siebel Application Interface has a certificate, then it is recommended that you enable peer authentication on both the Siebel Server and the Siebel Application Interface to obtain maximum security.

    The parameter to configure in the Siebel Gateway is Enable Peer Authentication.

  7. Specify whether or not you require peer certificate validation.

    Peer certificate validation performs reverse-DNS lookup to independently verify that the hostname of the Siebel Server computer matches the hostname presented in the certificate. Peer certificate validation is false by default.

    The parameter to configure in the Siebel Gateway is Validate Peer Certificate.

    Depending on the Siebel Management Console you are running, you return to either the Siebel Enterprise or the Siebel Server configuration process.

  8. Continue to configure values for the Siebel Enterprise or Siebel Server, then review the settings, finish configuration, and restart the server.

  9. Perform the tasks in "Setting Additional Parameters for Siebel Server TLS".

  10. Repeat this procedure for each Siebel Server in your environment, as necessary.

    Make sure you also configure each Siebel Application Interface in your environment. For information, see "Configuring TLS Encryption for Siebel Application Interface".
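Before entering the file names in steps 4 and 5, and the host name that peer certificate validation (step 7) will compare against, it helps to confirm that the files actually fit together. The following pre-flight check is an added example, not part of the Siebel documentation or tooling; it assumes PEM-encoded files and the `openssl` command-line tool, and the function names, host name, password and file names are hypothetical, constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-flight check of the certificate, private key and CA files.
# Usage: check_tls_files CERT KEY CA HOST KEYPASS
# Returns 0 when every check passes, otherwise the number of the failed check.
check_tls_files() {
    cert=$1; key=$2; ca=$3; host=$4
    KEYPASS=$5; export KEYPASS        # openssl reads the password from the environment
    # 1. The certificate file must parse; extract its public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    # 2. The private key file must decrypt with the supplied password.
    key_pub=$(openssl pkey -in "$key" -passin env:KEYPASS -pubout 2>/dev/null) || return 2
    # 3. The private key and the certificate must belong together.
    [ "$cert_pub" = "$key_pub" ] || return 3
    # 4. The certificate must chain to the CA certificate file.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 4
    # 5. The host name peers will be validated against must be in the certificate.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null \
        | grep -q "does match" || return 5
    return 0
}

# Constructed sample material: a throwaway CA and a password-protected server
# key and certificate for a made-up host name, written to directory $1.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -passout pass:demo-pass \
        -subj "/CN=siebsrv1.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}
```

A non-zero return value identifies which check failed, so a wrong key password (2), a key that does not match the certificate (3), an untrusted issuer (4) and a host name mismatch (5) can be told apart before the server is restarted.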

Setting Additional Parameters for Siebel Server TLS

After configuring TLS for a Siebel Server, you must set additional server parameters (on the gateway) to enable TLS for the Siebel Server as described in the following procedure.

To set additional parameters for Siebel Server TLS:

  1. Using Siebel Server Manager, set the Communication Transport parameter (alias CommType) to TLS as appropriate for each Application Object Manager that is to use TLS. (TCP/IP is used by default.)

    For information on using Siebel Server Manager, see Siebel System Administration Guide.

  2. If you previously used RSA encryption, then, using Siebel Server Manager, set the Security Encryption Level or Type parameter (alias Crypt) to NONE for the Siebel Enterprise.