About Certificates and Key Files Used for TLS Authentication
When you configure TLS authentication for a Siebel Enterprise, Siebel Server, or Siebel Application Interface, you specify parameter values that indicate the names of certificate files, certificate authority files, and private key files on the computers that host these components. The certificate files you use for this purpose can be issued by and obtained from third-party certificate authorities. Certificate authority files identify the third-party certificate authority that issued the certificate.
Certificate files must adhere to the following requirements:
Use a supported certificate file format:
On Microsoft Windows environments, certificate authority files can use either ASN (Abstract Syntax Notation) or PEM (Privacy Enhanced Mail) format.
The ASN.1 format is also referred to as the Distinguished Encoding Rules (DER) format. Rename certificate files in DER format to have the file extension .asn.
On UNIX environments, certificate authority files must use the PEM (Base 64 encoded X.509) format. Certificate files in ASN format cannot be used in UNIX environments.
Private key files must use the PEM format.
The certificate file must use the file extension that corresponds to the certificate file format in use: .pem for the PEM format and .asn for the ASN format. You can convert PEM-based certificate files to the ASN-based format.
Certificate files on each computer must be unique and belong to that computer if the Enable Peer Authentication parameter is set to TRUE on the remote computer.
If an intermediate certification authority is used, then both the intermediate and the root certificate authority certificates must be in the same file. You specify the name of this file in the Certificate Authority (CA) Certificate File Name parameter when you configure TLS for communication between Siebel components.
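The format, extension, and CA-file requirements listed above can be checked before the file names are entered in the TLS parameters. The following Python code is an added example, not Oracle or Siebel code: the function names, the role and platform labels, and the sample data (constructed placeholder bytes, not real certificates or keys) are assumptions made for illustration.

```python
import base64
import re
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def detect_encoding(data):
    """Return ('pem', [block labels]), ('der', []) or ('unknown', [])."""
    labels = []
    for label, body in PEM_BLOCK.findall(data.decode("ascii", errors="ignore")):
        # Drop RFC 1421 header lines (e.g. "Proc-Type: ...") found in encrypted keys.
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            return "unknown", []
        labels.append(label)
    if labels:
        return "pem", labels
    # DER has no text framing; an X.509 certificate starts with a SEQUENCE tag (0x30).
    return ("der", []) if data[:1] == b"\x30" else ("unknown", [])

def check_file(name, data, role, platform, intermediate_ca=False):
    """role: 'cert', 'ca' or 'key'; platform: 'windows' or 'unix' (labels assumed here)."""
    enc, labels = detect_encoding(data)
    if enc == "unknown":
        return [f"{name}: not recognisable as PEM or DER"]
    problems = []
    if role == "key":
        if enc != "pem" or not any(lb.endswith("PRIVATE KEY") for lb in labels):
            problems.append(f"{name}: private key files must use the PEM format")
        return problems
    if enc == "der" and platform == "unix":
        problems.append(f"{name}: ASN (DER) certificate files cannot be used on UNIX")
    expected = ".pem" if enc == "pem" else ".asn"
    if Path(name).suffix.lower() != expected:
        problems.append(f"{name}: {enc.upper()} content needs the {expected} extension")
    # Assumption of this example: a DER file carries exactly one certificate.
    certs = labels.count("CERTIFICATE") if enc == "pem" else 1
    if role == "ca" and intermediate_ca and certs < 2:
        problems.append(f"{name}: intermediate and root CA certificates must share this file")
    return problems

def make_pem(label, payload):
    """Wrap constructed sample bytes in PEM framing (not a real certificate or key)."""
    b64 = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

FAKE_DER = b"\x30\x82\x01\x0a" + bytes(266)  # constructed placeholder, DER-like header only
ROOT, INTERMEDIATE = make_pem("CERTIFICATE", FAKE_DER), make_pem("CERTIFICATE", FAKE_DER + b"\x01")
```

The check looks only at file framing and naming; it does not parse or validate the certificates themselves.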
Certificate files and private key files are typically installed on each computer that hosts a component or module for which you configure TLS, such as the Siebel Server or Siebel Application Interface. You do not have to authenticate or encrypt communications between components on the same computer. For information on installing certificate files, see Installing Certificate Files.