Chapter 13 Entrust PKI Integration
There are three usage scenarios involving Entrust IDs and non-Entrust certificates:
In this scenario, you use EAServer's Security Manager to access the Sybase PKCS #11 token to manage EAServer's keys and certificates. On the client, you use either the browser's mechanism to manage keys and certificates for Java applets or the standalone Security Manager to access the Sybase PKCS #11 token to manage keys and certificates for C++ and Java applications.
See Chapter 12, "Managing Keys and Certificates" for information about Security Manager and Netscape certificate management.
In a mixed environment of Entrust IDs and non-Entrust certificates, each side (client and server) must import the other's CA certificate so that it will be recognized and accepted as coming from a trusted CA. For example, import the Entrust CA certificate into the non-Entrust server's PKCS #11 token using Security Manager (the Entrust CA certificate is imbedded in the user profile's .key file). Mark the CA certificate trusted.
See Chapter 12, "Managing Keys and Certificates" for information about importing CAs and marking certificates as trusted.
You can then use the certificates and Entrust IDs as follows:
When both the client and server use Entrust IDs, use Entrust to manage the IDs and use Jaguar Manager to establish a security profile that uses those IDs.
See "Defining security profiles" for information on configuring security profiles to use either Entrust IDs or non-Entrust certificates and enabling non-Entrust clients to connect to a listener using Entrust IDs.
| Copyright © 2002 Sybase, Inc. All rights reserved. |
| |