Create a security profile that defines the certificate alias and authentication levels used
to encrypt communication ports in Unwired Platform.
- In the left navigation pane, expand the Servers folder and select a server.
- Select Server Configuration.
- In the right administration pane, select the General tab.
- From the menu bar, select SSL Configuration.
- In the Configure security profile table:
- Enter a name for the security profile.
- Enter a certificate alias. This is the logical name for the certificate stored in the keystore.
- Select an authentication level:
If the security profile authenticates only the server, then only the server must provide a certificate to be accepted or rejected by the client. If the security profile authenticates both the client and the server, then the client is also required to authenticate using a certificate; both the client and server will provide a digital certificate to be accepted or rejected by the other.
Profile |
Authenticates |
Cipher suites |
intl |
server |
- SA_EXPORT_WITH_RC4_40_MD5
- RSA_EXPORT_WITH_DES40_CBC_SHA
|
intl_mutual |
client/server |
- RSA_EXPORT_WITH_RC4_40_MD5
-
RSA_EXPORT_WITH_DES40_CBC_SHA
|
strong |
server |
- RSA_WITH_3DES_EDE_CBC_SHA
- RSA_WITH_RC4_128_MD5
- RSA_WITH_RC4_128_SHA
|
strong_mutual |
client/server |
- RSA_WITH_3DES_EDE_CBC_SHA
- RSA_WITH_RC4_128_MD5
- RSA_WITH_RC4_128_SHA
|
domestic |
server |
- RSA_WITH_3DES_EDE_CBC_SHA
- RSA_WITH_RC4_128_MD5
- RSA_WITH_RC4_128_SHA
- RSA_WITH_DES_CBC_SHA
- RSA_EXPORT_WITH_RC4_40_MD5
- RSA_EXPORT_WITH_DES40_CBC_SHA
- TLS_RSA_WITH_NULL_MD5
- TLS_RSA_WITH_NULL_SHA
|
domestic_mutual |
client/server |
- RSA_WITH_3DES_EDE_CBC_SHA
- RSA_WITH_RC4_128_MD5
- RSA_WITH_RC4_128_SHA
- RSA_WITH_DES_CBC_SHA
- RSA_EXPORT_WITH_RC4_40_MD5
- RSA_EXPORT_WITH_DES40_CBC_SHA
- RSA_WITH_NULL_MD5
- RSA_WITH_NULL_SHA
|
- Click Save.
- From the Communication Ports menu, assign the security profile to the desired management or communication ports.
Next
Ensure that SSL is enabled for every node in the cluster, then restart all servers in the cluster to commit the configuration changes. Log out of Sybase Control Center, then log back in on the secure port. For information on setup tasks required to enable SSL in the server administration environment, see
System Administration for Sybase Unwired Platform > Security Administration > Implementing System Wide Security > Transport Security Setup > Encrypting Unwired Server Administration Connections.