Troubleshooting HTTPS connections  Enabling FIPS and TLS on the IIS plug-in

Chapter 4: Installing and Configuring a Web Server Redirector Plug-In

Adding FIPS and TLS support to the Web server redirector plug-ins

This section describes how to configure the Web server redirector plug-in to use TLS and FIPS for each supported Web server. Table 4-6 lists the FIPS-supported Web servers.

NoteThis procedure updates existing Web server redirector plug-ins that were installed with either an EAServer 5.0 or 5.1 installation program. For new EAServer 5.2 installations skip step 1 below and install all required files from the new EAServer 5.2 installation.

Adding support for FIPS and TLS in your Web server redirector plug-ins requires you to:

  1. Run the EAServer 5.0 or 5.1 installer to install the required EAServer and redirector files on the same machine which the redirector runs, if it has not run previously.

  2. Run the EAServer 5.2 installation program on each machine that contains a previously installed Web redirector plug-in to add additional and updated FIPS-related files.

  3. Copy libraries from the EAServer 5.2 installation to the appropriate Web server directory. This assumes you are copying the files from the same machine.

  4. Make changes to the corresponding configuration files.

  5. Use the newly installed standalone Security Manager to enable FIPS for the redirector.

  6. Select a FIPS-compatible cipher suite when setting the Connector.Https.qop directive in the redirector configuration file.

  7. Restart the Web server for the changes to take effect.

StepsRunning the 5.0 or 5.1 installation program

Run the setup.exe program on each machine that contains a previously installed Web redirector plug-in to which you want to add FIPS and TLS support.

  1. Check the “System requirements”.

  2. Set the JAGUAR_CLIENT_ROOT environment variable to represent the EAServer installation directory.

  3. Exit any programs that are running. If you do not, the Sybase installer may not be able to copy some files to the appropriate directories.

  4. If you have downloaded EAServer, expand the installation software to a temporary location. Otherwise, insert the software CD into your CD drive.

  5. Select Start | Run, and enter:

     path\setup.exe [-is:tempdir temp_directory]

    where path is the location of the installation software. If you have less than 170MB in your temp directory, add the -is:tempdir temp_directory option, replacing temp_directory with the full path to a temporary directory that has at least 170MB of available disk space. For example: 

    f:\setup.exe -is:tempdir d:\temp

    The installer starts, and the EAServer 5.0 or 5.1 Install window appears.

    NoteThe installer may not run correctly on some machines with older versions of the Microsoft DirectDraw display software and drivers. If setup.exe does not run correctly, run jsetup.bat, located in the SupportNT directory of the CD, which launches the installer with Java DirectDraw support disabled. The installer may run more slowly with DirectDraw disabled.

  6. Click Next in the Install window. Use Back and Next to step backward and forward through the installation process to modify specifications as necessary. Select Cancel to halt the installation process.

  7. Select your country or region from the drop-down list to display the license agreement. You must read and accept the terms of the license agreement for your country before you can install any Sybase products. Click Next.

  8. The installer checks whether any EAServer processes are running on the machine. If prompted, shut down any EAServer applications, including EAServer, and EAServer running as a Windows service. Click Next.

  9. Select Upgrade Install.

    NoteThe installer searches for a directory identified by the %JAGUAR% environment variable. If located, this is the default directory for upgrading your installation.

  10. From the Select the type of installation, select Custom. This allows you to choose specific installation options for each redirector plug-in. After choosing this option, select the following options:

    Server:   Runtime Libraries:      SSL Runtime   Web Server Plugins:      Plug-in name
Jaguar ManagerJDK:   JDK 1.3   JDK 1.4

    where Plug-in name is the plug-in for which you are adding FIPS and TLS support. Table 4-6 lists the redirector plug-ins which support FIPS and TLS. For iPlanet 4.0 or 6.0 select the iPlanet option.

    Table 4-6: Web server redirector plug-in support

    Plug-in

    FIPS supported?

    Apache 2.x

    Yes

    Apache 1.x

    No

    iPlanet 6.0

    Yes

    iPlanet 4.0

    Yes

    iPlanet 3.6

    No

    IIS 5.0

    Yes

    Netscape 6.1

    Yes

  11. If you are installing the Advanced Edition, provide the product license information:

    • Order Number

    • Feature Name

    • Authorization Code

    The product license information is provided in your EAServer package on a printed Sybase certificate. Click Next.

  12. If you select a custom installation and select to install any of the JDKs, you can either install the selected JDK, or use a JDK that may already be installed on your system. If the installer detects an existing JDK of the appropriate version, it is displayed as the default location. Existing JDKs must be of the correct version and patch level, as described in “JDK versions”.

    Click Next to continue.

  13. The installer displays a summary of the features to be installed and the installation directory. Review these entries and click Next to continue or Back to modify your entries.

  14. The installer begins copying files and informs you when the installation is complete.

  15. Click Finish to exit the installer.

  16. Now run the EAServer 5.2 installation program. Use the same settings and directory locations as you used for the 5.0 or 5.1 installation program.

  17. Select the previous directory to which you installed.

  18. Select Upgrade Install and click Next.

  19. Select Custom and click Next.

  20. Enter Authorization code (if any) and click Next.

  21. Select the same options as selected in step 10, above.

  22. Verify JDK locations and click Next.

  23. The installer displays a summary of the features to be installed and the installation directory. Review these entries and click Next to continue or Back to modify your entries.

  24. The installer begins copying files and informs you when the installation is complete.

  25. Click Finish to exit the installer.

  26. You can now configure and enable FIPS and TLS for the redirectors by following the instructions for any of the supported Web servers:




Copyright © 2005. Sybase Inc. All rights reserved. Enabling FIPS and TLS on the IIS plug-in

View this document as PDF