In this section, you will create a user certificate that is signed by the test CA and used for server authentication. You will assign this certificate to a security profile, and assign the security profile to a listener.
Creating a user certificate from EAServer Manager | Certificates folder
Highlight the CA Certificates folder.
Select File | Generate User Test Certificate.
Provide the information in the Generate User Test Certificate wizard as follows:
Validity Period Select two months from the drop-down list. The validity period determines how long the certificate is valid. When EAServer authenticates itself using this certificate, Netscape examines the validity period to see if it has expired.
Key Label Enter Tutorial_cert for the name that identifies the certificate.
SSL Server Select this box since you will use this certificate to authenticate EAServer.
SSL Client The same certificate can also be used by clients for authentication. Since this certificate will not be used to authenticate the client, do not select this box.
Mark Private Key as Exportable Since you are not using this certificate on other systems, do not check this box.
Click Next. Provide your personal and site information as requested in the Certificate Request Information window. Refer to “User test certificate information” in Chapter 14, “Managing Keys and Certificates” for information on these fields.
Click Finish. EAServer Manager | Certificates folder generates a user certificate that is signed by the test CA. To view the certificate, highlight the Users Certificates folder.
In this section, you will define a new security profile, which includes a security characteristic. The security characteristic determines characteristics of the client-EAServer connection, such as:
Authentication The security profile you create for this tutorial requires certificates for authentication from both the client and server.
Encryption The strength and method of encryption. The security profile you create for this tutorial will not encrypt data.
Creating a security profile
Double-click the EAServer Manager icon.
Click the Security Profiles folder.
Select File | New Security Profile.
Enter user_test as the name of the security profile and click Create New Security Profile.
Enter the information in the SSL tab of the Security Profile Properties window as follows:
Description Enter sample security profile as the description of this security profile.
Use Entrust Uncheck this box. You would check this box if you were using an Entrust ID for authentication.
Security Characteristic Select sybpks_intl_mutual_auth from the drop-down list. A description of this security characteristic displays in the Description window.
Refer to “Configuring security profiles” in Chapter 13, “Security Configuration Tasks” for more information about security characteristics.
Certificate Label Select Tutorial_cert from the drop-down list. This is the label of the certificate you created earlier. The security profile uses this certificate to authenticate EAServer. If you have not logged in to EAServer Manager | Certificates folder, you are prompted for a PIN.
PIN Enter the password (PIN) and press Enter. This is the same PIN that allows access to EAServer Manager | Certificates folder. The default PIN is sybase. If you have changed this PIN, enter the new PIN. See Chapter 13, “Security Configuration Tasks” and Chapter 14, “Managing Keys and Certificates” for more information.
Click Save. EAServer Manager displays the new security profile.
You can now assign the user_test security profile to a listener.
See “Configuring security profiles” for more information.
A listener identifies the EAServer ports that accept connection requests from clients using the following protocols:
HTTP
HTTPS
IIOP
IIOPS
TDS
When you define a listener, you choose a port number, the protocol, and, for secure protocols IIOPS and HTTPS, assign a security profile.
Assigning the test_profile security profile to a listener
Double-click the EAServer Manager icon.
Double-click the Servers folder.
Double-click the Jaguar icon.
Click the Listeners folder.
Select File | New Listener.
Enter https3 for the listener name and click Create New Listener.
When you see the Listener info window, supply the following:
Protocol Select HTTPS from the drop-down list. You will use HTTPS as the protocol to retrieve the HTML page that contains the sample applet.
Port Enter the port number on the host machine for this listener. If not in use by any other service, enter 8083.
Jaguar Security Profile Select the user_test security profile from the drop-down list.
Click Save.
Restart EAServer:
Highlight the server to which this listener belongs.
Select File | Restart.
You now have a listener that accepts HTTPS connection requests at port 8083 (https://hostname:8083) and requires client and server authentication.
See “Configuring listeners” for more information.
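A check for the two-month validity period chosen earlier and for the listener created in the last step, as an added example that is not part of the original Sybase documentation: validity_status classifies a certificate against its validity window, and probe_listener attempts a handshake with the listener. The function names, the PEM file paths and the 14-day warning threshold are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone


def validity_status(cert, now=None, warn_days=14):
    """Classify a certificate dict (ssl.SSLSocket.getpeercert() format)."""
    now = now or datetime.now(timezone.utc)
    start, end = (
        datetime.fromtimestamp(ssl.cert_time_to_seconds(cert[k]), timezone.utc)
        for k in ("notBefore", "notAfter")
    )
    if now < start:
        return "not-yet-valid"
    if now > end:
        return "expired"
    if (end - now).days < warn_days:
        return "expiring-soon"
    return "valid"


def probe_listener(host, port, ca_file, client_pem=None):
    """Handshake with the listener, trusting only the CA in ca_file.

    ca_file and client_pem are hypothetical PEM paths; they assume the test
    CA certificate and a client key pair were exported, and that the local
    TLS library accepts the protocol and cipher suite the listener offers.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # Assumption: the test certificate's subject is not the host name.
    ctx.check_hostname = False
    if client_pem:
        ctx.load_cert_chain(client_pem)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw) as tls:
                cert = tls.getpeercert()
                return {"handshake": True, "status": validity_status(cert)}
    except ssl.SSLError as exc:
        return {"handshake": False, "error": exc.reason}


# Constructed sample: a certificate issued with a two-month validity period.
SAMPLE_CERT = {
    "notBefore": "Mar 10 00:00:00 2005 GMT",
    "notAfter": "May 10 00:00:00 2005 GMT",
}
```

Calling probe_listener once without client_pem and once with it shows whether the listener's security profile insists on a client certificate.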
Copyright © 2005. Sybase Inc. All rights reserved.