Installing Certificate Files on UNIX for Client Authentication

When using the EAI HTTP Transport business service with the TLS protocol, you might have to install certificate files, for example, if you want to enable client authentication. For information on client authentication, see Configuring TLS Mutual Authentication for SHA-2 Certificates Using EAI HTTP Transport.

If you are using a UNIX-based operating system, then Siebel Business Applications provide a utility, the mwcontrol utility, that enables you to install on your Siebel Server the certificate authority and certificate files required when using EAI HTTP Transport with TLS.

When you use the mwcontrol utility to install a certificate file, the certificate file must be located on a local volume. You cannot use the mwcontrol utility to install certificate files that are located on a network-attached storage (NAS) device or other remote volume.

The following procedure describes how to use the mwcontrol utility to install certificate files. Run the mwcontrol utility on each Siebel Server and Siebel Application Interface computer where you want to install client authentication certificate files.

To invoke the mwcontrol utility and install certificate files

Depending on the type of UNIX operating system you use, enter the following commands:
- For Bourne shell or Korn shell:
```
. ./siebenv.sh
```
- For C shell:
```
source siebenv.csh
```
Set your DISPLAY environment variable to the IP address of the computer that hosts the mwcontrol utility:
- For Bourne shell or Korn shell:
```
export DISPLAY ipaddress of the computer that hosts the mwcontrol utility:0.0 
```
- For C shell:
```
setenv DISPLAY ipaddress of the computer that hosts the mwcontrol utility:0.0 
```
  If you are using an X-Windows client, then 00 is the connection identifier.
To invoke the mwcontrol utility, run the following command:
```
mwcontrol $SIEBSRVR_ROOT/mw/lib/inetcpl.cpl
```
where $SIEBSRVR_ROOT is the Siebel Server installation directory.
The wizard appears.
Select the Content tab, then click the Certificates button. The Certificate Manager appears.
Select the tab that corresponds to the type of certificate you want to install. For example to install a certifying authority certificate, select Trusted Root Certification Authorities tab.
Click Import to display the Certificate Manager Import Wizard, then click Next to navigate to the location where you stored the certificate file you want to install.
Select the certificate, and click Next.
Select the check box Automatically select the certificate store based on the type of certificate, then click Next.
Click Next, then Finish to complete the installation, and terminate the execution of the mwcontrol utility.
Configure the DockConnString parameter in the [LOCAL_SE] section of your application’s configuration file as required, then save the changes and exit the file.

Note: As of Siebel CRM 20.8 Update, Oracle Database SE2 has replaced Oracle Database XE for the local database for Siebel Mobile Web Client. For more information, see Siebel Installation Guide.
The DockConnString parameter specifies the name of the Siebel Server used to synchronize with the client and the type of encryption to use during synchronization, and it has the following format:
```
siebel_server_name::sync_port_number:encryption
```
Example values for the DockConnString parameter follow. For more information about configuring the DockConnString parameter, see Configuring Encryption for Mobile Web Client Synchronization.
- If using TCP-IP: APPSRV::40400
- If using TLS: APPSRV::40400:TLS
Restart the Siebel Server or Siebel Application Interface computer on which you installed the certificate file.