Chapter 14 Tutorial: Using SSL

Setting up your browser

In this tutorial, your browser connects to EAServer through a listener that requires client authentication. This requires you to install a personal certificate in the browser that authenticates your identity.

To install a personal certificate in your browser:

1. Start the server, Jaguar Manager, and Security Manager.
2. Export a personal (user) certificate signed by the Jaguar test CA.
3. Import the user certificate to your browser.

Start the server, Jaguar Manager, and Security Manager

If the server is not already running, follow the instructions under "Starting EAServer" in the EAServer Installation Guide to start the server.

If Jaguar Manager and Security Manager are not already running, start them as described in "Starting Jaguar Manager and Security Manager" in the EAServer Installation Guide.

Obtain and install a personal certificate

You need a personal certificate installed in your browser before the sample applets can attach to EAServer listener ports that require client authentication.

There are a variety of ways to get a personal certificate:

• Attach to an in-house CA Supply the required information to request a personal certificate.
• Use a public CA You can obtain your certificate from any public CA. A number of public CAs are available through your browser. To request a certificate through a Netscape browser:
  1. Click the Security icon on the tool bar.
  2. Click Yours on the left side of the window. This displays a list of your certificates.
  3. If no certificates are displayed, you need to get one. Click Get a Certificate. You see a Web page of public CAs.
     
     You need to obtain a certificate from a CA that EAServer recognizes, or use Security Manager to install the CA's certificate and mark it trusted. In Security Manager, click the Trusted CAs folder to display a list of the trusted certificate signers that EAServer recognizes.
  4. Select a CA and follow the instructions to obtain your certificate.
• Use the sample certificates EAServer comes with two sample personal (user) certificates signed by the test CA that you can use to authenticate yourself when connecting to EAServer listeners that require client authentication.
  
  For this tutorial, export a user certificate using Security Manager and import it in to your browser.

Exporting the sample user certificate from EAServer

1. In Security Manager, highlight the User Certificates folder.
2. Highlight one of the sample certificates.
3. Select File | Export Certificate.
4. In the Export Certificate wizard, select the PKCS#12 formatted data option. This option exports the private key and the certificate so that you can import it in to a browser and use it to authenticate yourself. Click Next.
5. Enter and confirm a password. You need to provide this password when you import the certificate in to a browser. Click Next.
6. Click the Browse button on the wizard and enter the path and file name of the exported certificate. Do not supply an extension; .p12 extension is automatically appended to the certificate. Click Finish.
   
   An information box appears confirming that the user certificate has been successfully exported. Click OK.

Importing the sample user certificate in to Netscape

1. In Netscape, click the security icon.
2. Highlight "Yours" to view your certificate.
3. Click the Import a Certificate button.
4. Locate and highlight the certificate you exported from Security Manager. Click Open.
5. Enter the password you used when you exported the certificate.
6. The certificate is imported to Netscape. You can view and verify its validity.
   
   When your browser connects to EAServer listeners that require client authentication, you can select this certificate when Netscape prompts you for a user certificate.

Importing the sample user certificate in to Internet Explorer

1. In Internet Explorer, select View | Internet Options (version 4.0) or Tools | Internet Options (version 5.0).
2. Select the Content tab.
3. Click the Personal Certificates button (version 4.0) or the Certificates button (version 5.0).
4. Click the Import button. Enter the complete path and file name and password of the exported certificate (version 4.0) or follow the wizard instructions to locate the certificate and enter the password (version 5.0).
5. The certificate is imported in to Internet Explorer. You can view and verify its validity.
   
   When your browser connects to EAServer listeners that require client authentication, you can select this certificate when Internet Explorer prompts you for a user certificate.

Copyright © 2002 Sybase, Inc. All rights reserved.