Chapter 5 Tutorial: Security Configuration

Creating and assigning a security profile to a listener

In this section you will define a new security profile, which includes a security characteristic. The security characteristic determines characteristics of the client-Jaguar connection, such as:

• Authentication The security profile you create for this tutorial requires certificates for authentication from both the client and server.
• Encryption The strength and method of encryption. The security profile you create for this tutorial will not encrypt data.

Create a security profile:

1. Double-click the Jaguar Manager icon.
   
   
2. Click the Security Profiles folder.
   
   
3. Select File | New Security Profile.
   
   
4. Enter user_test as the name of the security profile and click Create New Security Profile.
   
   
5. Enter the information in the SSL tab of the Security Profile Properties window as follows:
   
   
   • Description Enter sample security profile as the description of this security profile.
   • Use Entrus Uncheck this box. You would check this box if you were using an Entrust ID for authentication.
   • Security Characteristic Select sybpks_intl_mutual_auth from the drop-down list. A description of this security characteristic displays in the Description window.
     You have access to only the international/export security characteristics unless you run the upgrd128 upgrade. Refer to "Upgrading to stronger encryption" in the Jaguar CTS System Administration Guide for more information.
     
     Refer to "Security characteristics" in the Jaguar CTS System Administration Guide for more information about security characteristics.
     
   • Certificate Label Select Tutorial_cert from the drop-down list. This is the label of the certificate you created earlier. The security profile uses this certificate to authenticate Jaguar. If you have not logged in to Security Manager, you are prompted for a PIN.
   • PIN Enter the password (PIN) and press enter. This is the same PIN that allows access to Security Manager. The default PIN is sybase . If you have changed this PIN, enter the new PIN. Refer to "Changing the user PIN" on page 102 for more information.
   • Click Save. Jaguar Manager displays the new security profile.
   
   
   

You can now assign the user_test security profile to a listener.

Refer to "Security profiles" on page 120 for more information about security profiles.

Assign a security profile to a listener

A listener identifies Jaguar ports that accepts connection requests from clients using the following protocols:

• HTTP
• HTTPS
• IIOP
• IIOPS
• TDS

When you define a listener, you choose a port number, the protocol, and, for secure protocols IIOPS and HTTPS, assign a security profile.

Assign the test_profile security profile to a listener:

1. Double-click the Jaguar Manager icon.
   
   
2. Double-click the Servers folder.
   
   
3. Double-click the Jaguar icon.
   
   
4. Click the Listeners folder.
   
   
5. Select File | New Listener.
   
   
6. Enter https3 for the listener name and click Create New Listener.
   
   
7. When you see the Listener info window, supply the following:
   
   
   • Protocol Select HTTPS from the drop-down list. You will use HTTPS as the protocol to retrieve the HTML page that contains the sample applet.
   • Host Enter the name of the Jaguar server host.
   • Port Enter the port number on the host machine for this listener. If not in use by any other service, enter 8083 .
   • Jaguar Security Profile Select the user_test security profile from the drop-down list.
   
   
   
8. Click Save.
   
   
9. Restart Jaguar:
   
   
   1. Highlight the server to which this listener belongs.
      
      
   2. Select File | Restart.
      
      
   
   

You now have a Jaguar listener that accepts HTTPS connection requests at port 8083 and requires client and Jaguar authentication.

Refer to "Listeners" in the Jaguar CTS System Administration Guide for more information about listeners.

Copyright © 2000 Sybase, Inc. All rights reserved.