Troubleshoot HTTPS connections  Enabling FIPS and TLS for an Apache plug-in

Chapter 4: Installing and Configuring a Web Server Redirector Plug-In

Adding FIPS and TLS support to the Web server redirector plug-ins

This section describes how to configure the Web server redirector plug-in to use Transport Layer Security (TLS) and Federal Information Processing Standards (FIPS) for each supported Web server. The redirector plug-ins that support FIPS and TLS are:

NoteThis procedure updates existing Web server redirector plug-ins that were installed with an EAServer 5.0 installation program. For new EAServer 5.2 installations, skip step 1 below and install all required files from the new EAServer 5.2 installation.

Adding support for FIPS and TLS in your Web server redirector plug-ins requires you to:

  1. Run the EAServer installer to install the required EAServer and redirector files on the same machine where the redirector runs, if it has not run previously.

  2. Run the EAServer 5.2 installation program on each machine that contains a previously installed Web redirector plug-in to add additional and updated FIPS-related files.

  3. Copy libraries from the EAServer 5.2 installation to the appropriate Web server directory. This assumes you are copying the files from the same machine.

  4. Make changes to the corresponding configuration files.

  5. Use the newly installed standalone Security Manager to enable FIPS for the redirector.

  6. Select a FIPS-compatible cipher suite when setting the Connector.Https.qop directive in the redirector configuration file.

  7. Restart the Web server for the changes to take effect.

StepsRunning the installation program

Run the setup program on each machine that contains a previously installed Web redirector plug-in to which you want to add FIPS and TLS support.

  1. Check the “System requirements”.

  2. Set the JAGUAR_CLIENT_ROOT environment variable to represent the EAServer installation directory.

  3. Exit any programs that are running. If you do not, the Sybase installer may not be able to copy some files to the appropriate directories.

  4. If you have downloaded EAServer, expand the installation software to a temporary location. Otherwise, insert the software CD into your CD drive.

  5. To start the installer from the command line, change to the location of the installation software and enter:

    ./setup [-is:tempdir work_directory]

    Specify the -is:tempdir option if you have less than 150MB in your temp space. work_directory is the full path to a temporary directory to be used by the installer.

    The installer starts, and the Sybase EAServer Install window appears.

  6. Click Next in the Install window. Use Back and Next to step backward and forward through the installation process to modify specifications as necessary. Select Cancel to halt the installation process.

  7. Select your country or region from the drop-down list to display the license agreement. You must read and accept the terms of the license agreement for your country before you can install any Sybase products. Click Next.

  8. The installer checks whether any EAServer processes are running on the machine. If prompted, shut down any EAServer applications, including EAServer, and EAServer running as a Windows service. Click Next.

  9. Select Upgrade Install.

    NoteThe installer searches for a directory identified by the $JAGUAR environment variable. If located, this is the default directory for upgrading your installation.

  10. Select Custom as the type of installation. This allows you to choose specific installation options for each redirector plug-in. After choosing this option, select the following options:

    Server:   Runtime Libraries:      SSL Runtime   Web Server Plugins:      Plug-in name
Jaguar ManagerJDK:   JDK 1.3   JDK 1.4

    where Plug-in name is the plug-in for which you are adding FIPS and TLS support.

  11. If you are installing the Advanced Edition, provide the product license information:

    The product license information is provided in your EAServer package on a printed Sybase certificate. Click Next.

  12. If you select to install any of the JDKs, you can either install the selected JDK, or use a JDK that may already be installed on your system. If the installer detects an existing JDK of the appropriate version, it displays as the default location. Existing JDKs must be of the correct version and patch level, as described in “JDK versions”.

    Click Next to continue.

  13. The installer displays a summary of the features to be installed and the installation directory. Review these entries and click Next to continue or Back to modify your entries.

  14. The installer begins copying files and informs you when the installation is complete.

  15. Click Finish to exit the installer.

  16. You can now configure and enable FIPS and TLS for the redirectors by following the instructions for any of the supported Web servers:




Copyright © 2005. Sybase Inc. All rights reserved. Enabling FIPS and TLS for an Apache plug-in

View this document as PDF