Configuring TLS Encryption for Siebel Remote

This task is a step in Process of Configuring Encryption and Authentication for the Remote Client.

As of Siebel CRM 19.6 Update, Siebel Remote supports Transport Layer Security (TLS) for Synchronization Manager synchronization with remote clients.

To use TLS encryption, SHA-2 certificate files must be deployed on the Siebel Server and the remote clients, and TLS encryption must be configured for the Synchronization Manager component and the remote clients. If the server and client parameters do not match each other, then a connection error occurs. For more information about using certificates and key files for TLS authentication, see Siebel Security Guide. For information about setting parameters for servers and clients, see Siebel System Administration Guide.

To configure TLS encryption on Siebel Server

  1. Deploy the certificate files on the Siebel Server. For example, on Microsoft Windows you might deploy the certificate in a directory like C:\siebelcerts. Perform this step if you have not already configured TLS for this Siebel Server.

  2. In the Siebel application, make sure advanced parameters are visible.

    For more information, see Making Advanced Server Parameters Visible.

  3. Set the Communication Type (alias CommType) server component parameter to TLS for the Synchronization Manager component.

    • To use the administrative interface, do the following:

      • Locate the record for the Synchronization Manager server component. For more information, see Locating the Record for a Server Component.

      • Click the Parameters tab, click Advanced, and then query the Parameter field for Communication Type.

      • Set the Value on Restart field to TLS.

    • Alternatively, you can set this parameter in Server Manager by using a command like the following:

      srvrmgr> change param CommType=TLS for comp SynchMgr
      

    See also Opening the Command Line Interface for Server Manager.

  4. If the Encryption Type (alias Crypt) parameter is set to RSA (or any other value) for Synchronization Manager, then set it to None.

  5. Set the KeyFilePassword, KeyFileName, CertFileName, and CACertFileName parameters at the enterprise level to specify the certificate files you have deployed, using commands like the following. Perform this step if you have not already configured TLS for this Siebel Server.

    srvrmgr> change ent param KeyFilePassword=pwd
    srvrmgr> change ent param KeyFileName=key_file_name
    srvrmgr> change ent param CertFileName=cert_file_name
    srvrmgr> change ent param CACertFileName=CA_cert_file_name
    
    Note: The parameter values must include the full path and file name for each file referenced. For example, for CACertFileName, you might set CA_cert_file_name to a value like /export/home/sblqa1/certs/cacert.pem.

  6. Stop the Siebel Server system service, and then restart it.

To configure TLS encryption on each remote client

  1. Deploy a copy of the same certificate file that you deployed on the server and specified using the CACertFileName parameter.

    You must deploy this certificate file in the SIEBEL_CLIENT_ROOT\siebelcerts directory, such as C:\Siebel\Client\siebelcerts. Create this directory if it does not exist.

  2. Create a configuration file named configuration.properties in the directory where you deployed the certificate file. Edit the file in a text editor like Notepad and include an entry like the following to specify the certificate file:

    [CertificationInfo]
    CACertFileName=SIEBEL_CLIENT_ROOT\siebelcerts\cacert.pem
    

    For example, set a value like C:\Siebel\Client\siebelcerts\cacert.pem.

  3. Edit the application configuration file (such as siebel.cfg or uagent.cfg) in a text editor like Notepad. In the [LOCAL_SE] section, change the value of the DockConnString parameter for the local database. Add :TLS at the end of the value. (If necessary, first remove the values RSA or None at the end of the line, including preceding colons.)

    For more information, see Formatting the DockConnString Parameter and Modifying the Siebel Configuration File for Siebel Remote.
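Because mismatched parameters produce a connection error, it can help to check the two client files from steps 2 and 3 before the first synchronization. The following Python script is an added example, not part of the Siebel documentation or product: the function names are hypothetical, the sample DockConnString value is constructed, and the script inspects only the trailing fields of DockConnString as described in step 3.

```python
import configparser
import os


def _parse(text):
    # INI-style parse: keep key case, split on "=" only (values contain ":"),
    # and disable "%" interpolation.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str
    try:
        cp.read_string(text)
    except configparser.Error:
        return None  # unreadable file, e.g. an entry before any [section]
    return cp


def audit_client(properties_text, cfg_text, exists=os.path.isfile):
    """Return a list of findings; an empty list means the client files agree."""
    findings = []

    props = _parse(properties_text)
    ca = props.get("CertificationInfo", "CACertFileName", fallback="").strip() if props else ""
    if not ca:
        findings.append("configuration.properties: [CertificationInfo] CACertFileName missing")
    elif "SIEBEL_CLIENT_ROOT" in ca:
        findings.append("configuration.properties: SIEBEL_CLIENT_ROOT placeholder not replaced")
    elif not exists(ca):
        findings.append("configuration.properties: no certificate file at " + ca)

    cfg = _parse(cfg_text)
    dock = cfg.get("LOCAL_SE", "DockConnString", fallback="").strip() if cfg else ""
    fields = [f.strip() for f in dock.split(":")]
    if not dock:
        findings.append("cfg: [LOCAL_SE] DockConnString missing")
    elif fields[-1] != "TLS":
        findings.append("cfg: DockConnString ends with %r, expected TLS" % fields[-1])
    elif len(fields) > 1 and fields[-2].upper() in ("RSA", "NONE"):
        findings.append("cfg: stale %r left before :TLS" % fields[-2])
    return findings


if __name__ == "__main__":
    # Constructed sample input; the DockConnString value is illustrative only.
    sample_props = "[CertificationInfo]\nCACertFileName=C:\\Siebel\\Client\\siebelcerts\\cacert.pem\n"
    sample_cfg = "[LOCAL_SE]\nDockConnString = siebsrvr01:TCPIP:40400:SMI:RSA\n"
    for finding in audit_client(sample_props, sample_cfg, exists=lambda p: True):
        print(finding)
```

Pass the contents of configuration.properties and of the application configuration file (such as siebel.cfg or uagent.cfg) as the two text arguments; on a client, the default exists check confirms that the certificate file is actually present at the configured path.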