Adding FIPS and TLS support to the Web server redirector plug-in

This section describes how to configure the Web server redirector plug-in to use Transport Layer Security (TLS) and Federal Information Processing Standards (FIPS) for each supported Web server. The redirector plug-in that supports FIPS and TLS is the iPlanet 6.0 Web server.

Adding support for FIPS and TLS in your Web server redirector plug-in requires you to:

1. Run the EAServer 5.0 or 5.1 installer to install the required EAServer and redirector files on the same machine where the redirector runs, if it has not run previously.

2. Run the EAServer 5.2 installation program on each machine that contains a previously installed Web redirector plug-in to add additional and updated FIPS-related files.

3. Copy libraries from the EAServer 5.2 installation to the appropriate Web server directory. This assumes you are copying the files from the same machine.

4. Make changes to the corresponding configuration files.

5. Select a FIPS-compatible cipher suite when setting the Connector.Https.qop directive in the redirector configuration file.

6. Restart the Web server for the changes to take effect.

Running the 5.0 or 5.1 installation program

Run the setup program on each machine that contains a previously installed Web redirector plug-in to which you want to add FIPS and TLS support.

1. Check the “System requirements”.

2. Set the JAGUAR_CLIENT_ROOT environment variable to represent the EAServer installation directory.

3. Exit any programs that are running. If you do not, the Sybase installer may not be able to copy some files to the appropriate directories.

4. If you have downloaded EAServer, expand the installation software to a temporary location. Otherwise, insert the software CD into your CD drive.

5. To start the installer from the command line, change to the location of the installation software and enter:

   ./setup [-is:tempdir work_directory]
   

   Specify the -is:tempdir option if you have less than 150MB in your temp space. work_directory is the full path to a temporary directory to be used by the installer.

   The installer starts, and the Sybase EAServer Install window appears.

6. Click Next in the Install window. Use Back and Next to step backward and forward through the installation process to modify specifications as necessary. Select Cancel to halt the installation process.

7. Select your country or region from the drop-down list to display the license agreement. You must read and accept the terms of the license agreement for your country before you can install any Sybase products. Click Next.

8. The installer checks whether any EAServer processes are running on the machine. If prompted, shut down any EAServer applications, including EAServer, and EAServer running as a Windows service. Click Next.

9. Select Upgrade Install.

   The installer searches for a directory identified by the $JAGUAR environment variable. If located, this is the default directory for upgrading your installation.

10. From the Select the type of installation, select Custom. This allows you to choose specific installation options for each redirector plug-in. After choosing this option, select the following options:

    Server:   Runtime Libraries:      SSL Runtime   Web Server Plugins:      Plug-in name
    EAServer ManagerJDK:   JDK 1.3   JDK 1.4 
    

    where Plug-in name is the plug-in for which you are adding FIPS and TLS support. In this case, the Plug-in name is iPlanet 6.0.

11. If you are installing the Advanced Edition, provide the product license information:

    • Order Number

    • Feature Name

    • Authorization Code

    The product license information is provided in your EAServer package on a printed Sybase certificate. Click Next.

12. If you select a custom installation and select to install any of the JDKs, you can either install the selected JDK, or use a JDK that may already be installed on your system. If the installer detects an existing JDK of the appropriate version, it displays as the default location. Existing JDKs must be of the correct version and patch level, as described in “JDK versions”.

    Click Next to continue.

13. If you are installing the Web services toolkit Eclipse plug-in, you must have an Eclipse installation. Choose one of the following options:

    • Select Install New Eclipse and enter the path where to install it to. The installer places Eclipse version 2.1.1 in an eclipse subdirectory in this location.

    • Select Use Existing Eclipse to configure your EAServer installation to use an existing Eclipse installation. Enter the path to the existing installation, which must be Eclipse version 2.1, 2.1.0, or 2.1.1, installed in an eclipse subdirectory of the specified location.

    Click Next to continue.

14. EAServer Manager and Security Manager require a Sybase Central 4.3 installation. You can share a single Sybase Central 4.3 installation between multiple EAServer and Adaptive Server Anywhere installations on the same machine. Choose one of the following options:

    • Select Install New sybcentral43, and enter the path where to install it. The installer places Sybase Central version 4.3 in a sybcentral43 subdirectory of this location.

    • Select Use Existing sybcentral43, and enter the path to the existing installation, which must be Sybase Central version 4.3, installed in a sybcentral43 subdirectory of the specified location.

    Click Next to continue.

15. The installer displays a summary of the features to be installed and the installation directory. Review these entries and click Next to continue or Back to modify your entries.

16. The installer begins copying files and informs you when the installation is complete.

17. Click Finish to exit the installer.

18. Now run the EAServer 5.2 installation program. Use the same settings and directory locations as you used for the 5.0 or 5.1 installation program.

19. Select the previous directory to which you installed.

20. Select Upgrade Install and click Next.

21. Select Custom and click Next.

22. Enter Authorization code (if any) and click Next.

23. Select the same options as selected in step 10, above.

24. Verify JDK locations and click Next.

25. The installer displays a summary of the features to be installed and the installation directory. Review these entries and click Next to continue or Back to modify your entries.

26. The installer begins copying files and informs you when the installation is complete.

27. Click Finish to exit the installer.

28. You can now configure and enable FIPS and TLS for an iPlanet 6.0 Web server plug-in. See “Enabling FIPS and TLS for an iPlanet 6.0 plug-in” for more details.

Copyright © 2005. Sybase Inc. All rights reserved.

View this book as PDF