Chapter 14 Tutorial: Using SSL
Setting up EAServer
In this section, you will create a user certificate that is
signed by the test CA and used for server authentication. You will
assign this certificate to a security profile, and assign the security
profile to a listener.
Creating a user certificate from Security Manager
- Highlight the CA Certificates folder.
- Select File | Generate User Test Certificate.
- Provide the information in the Generate User Test Certificate
wizard as follows:
  - Key Strength: Select 512 from the drop-down list.
  - Validity Period: Select two months from the drop-down list. The validity period
    determines how long the certificate is valid. When EAServer authenticates
    itself using this certificate, Netscape examines the validity period
    to see if it has expired.
  - Key Label: Enter Tutorial_cert for the name that identifies the certificate.
  - SSL Server: Select this box since you will use this certificate to authenticate
    EAServer.
  - SSL Client: The same certificate can also be used by clients for authentication.
    Since this certificate will not be used to authenticate the client,
    do not select this box.
  - Mark Private Key as Exportable: Since you are not using this certificate on other systems,
    do not check this box.
- Click Next. Provide your personal and site information
as requested in the Certificate Request Information window. Refer
to "User test certificate information" in Chapter 12, "Managing Keys and Certificates" for information on
these fields.
- Click Finish. Security Manager generates a user certificate
that is signed by the test CA. To view the certificate, highlight
the Users Certificates folder.
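The certificate properties chosen in the wizard can be reproduced and checked outside Security Manager. The script below is an added example, not part of the Sybase documentation. It assumes the openssl command-line tool, treats the SSL Server and SSL Client boxes as the serverAuth and clientAuth extended key usages, and uses constructed file names, a constructed CA subject, and a 2048-bit key rather than the tutorial's 512.

```bash
#!/usr/bin/env bash
# Added example; file names, CA subject and the 2048-bit key size are assumptions.
set -eu

make_tutorial_cert() {            # $1 = output directory
    local d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed test CA, standing in for the Security Manager test CA.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # Key pair and signing request labelled Tutorial_cert.
    openssl req -new -config "$d/ca.cnf" -subj "/CN=Tutorial_cert" \
        -newkey rsa:2048 -nodes -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    # "SSL Server" selected, "SSL Client" not selected: serverAuth only (assumed mapping).
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$d/ext.cnf"
    # Two-month validity, approximated as 60 days.
    openssl x509 -req -in "$d/server.csr" -days 60 -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/ext.cnf" -out "$d/server.pem" 2>/dev/null
}

# Returns 0 if server.pem chains to the test CA and is acceptable for purpose $2
# (sslserver or sslclient).
cert_valid_for() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/server.pem" >/dev/null 2>&1
}

# Returns 0 if server.pem will still be valid $2 seconds from now.
cert_valid_in() {
    openssl x509 -in "$1/server.pem" -noout -checkend "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_tutorial_cert "$work"
cert_valid_for "$work" sslserver && echo "sslserver purpose: accepted"
cert_valid_for "$work" sslclient || echo "sslclient purpose: rejected"
cert_valid_in "$work" $((61 * 86400)) || echo "expires within 61 days"
openssl x509 -in "$work/server.pem" -noout -subject -dates
```

The private keys are written unencrypted to the temporary directory, so remove it after inspecting the output.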
Creating and assigning a security profile to a listener
In this section, you will define a new security profile, which
includes a security characteristic. The security characteristic
determines characteristics of the client-EAServer connection, such
as:
- Authentication: The security profile you create for this tutorial requires certificates
for authentication from both the client and server.
- Encryption: The strength and method of encryption. The security profile you
create for this tutorial will not encrypt data.
Creating a security profile
- Double-click the Jaguar Manager icon.
- Click the Security Profiles folder.
- Select File | New Security Profile.
- Enter user_test as the name of the security profile and click Create New Security Profile.
- Enter the information in the SSL tab of the Security
Profile Properties window as follows:
  - Description: Enter "sample security profile" as the description of this security profile.
  - Use Entrust: Uncheck this box. You would check this box if you were using
    an Entrust ID for authentication.
  - Security Characteristic: Select sybpks_intl_mutual_auth from
    the drop-down list. A description of this security characteristic
    displays in the Description window.
    You have access to only the international/export
    security characteristics unless you run the upgrd128 upgrade.
    Refer to "Upgrading to stronger encryption" in Chapter 12, "Managing Keys and Certificates" for more information.
    Refer to "Security characteristics" in Chapter 12, "Managing Keys and Certificates" for more information
    about security characteristics.
  - Certificate Label: Select Tutorial_cert from the drop-down list. This is
    the label of the certificate you created earlier. The security profile uses
    this certificate to authenticate EAServer. If you have not logged in
    to Security Manager, you are prompted for a PIN.
  - PIN: Enter the password (PIN) and press Enter.
    This is the same PIN that allows access to Security Manager. The
    default PIN is sybase. If you
    have changed this PIN, enter the new PIN. See Chapter 5, "Security
    Configuration" in Chapter 12, "Managing Keys and Certificates" for more information.
- Click Save. Jaguar Manager displays the new security
profile.
You can now assign the user_test security profile
to a listener.
See "Configuring security profiles" for
more information.
Assign a security profile to a listener
A listener identifies EAServer ports that accept connection
requests from clients using the following protocols:
- HTTP
- HTTPS
- IIOP
- IIOPS
- TDS
When you define a listener, you choose a port number, the
protocol, and, for secure protocols IIOPS and HTTPS, assign a security
profile.
Assigning the test_profile security profile to a listener
- Double-click the Jaguar Manager icon.
- Double-click the Servers folder.
- Double-click the Jaguar icon.
- Click the Listeners folder.
- Select File | New Listener.
- Enter https3 for the listener name and click Create New Listener.
- When you see the Listener info window, supply the following:
  - Protocol: Select HTTPS from the drop-down list. You will use HTTPS
    as the protocol to retrieve the HTML page that contains the sample
    applet.
  - Host: Enter the name of the EAServer host.
  - Port: Enter the port number on the host machine for this listener.
    If not in use by any other service, enter 8083.
  - Jaguar Security Profile: Select the user_test security profile from the drop-down
    list.
- Click Save.
- Restart EAServer:
  - Highlight the server to which this listener belongs.
  - Select File | Restart.
You now have a listener that accepts HTTPS connection requests
at port 8083 (https://hostname:8083)
and requires client and server authentication.
See "Configuring listeners" for
more information.
Copyright © 2002 Sybase, Inc. All rights reserved.