Security property names begin with com.sybase.jaguar.security. Security entities can represent security profiles, used to configure SSL settings for server listeners, and security identities, used for intercomponent calls and interserver authentication. The com.sybase.jaguar.security.type property determines what type the entity is.
Not all security properties apply to both identities and profiles. If a property applies only to one or the other, the description will say so.
Specifies a text description of the identity or profile.
desc
Where desc is the descriptive text.
For profiles, specifies the time in seconds to cache SSL session parameters. Not used for identities.
An integer value representing the cache timeout in seconds. If not set, the default is 28800 (which equals 8 hours).
com.sybase.jaguar.security.sesscachesize
Specifies the name of the SSL certificate. This property is always required for security profiles. For identities, this property is required if the com.sybase.jaguar.security.qoss property specifies a security characteristic that requires mutual SSL authentication.
The text of the certificate label, for example:
Sample1 Test ID
com.sybase.jaguar.security.qoss
For profiles or identities that use Entrust PKI software to manage certificates, specifies the full path to the Entrust INI file that provides information on how to access Entrust.
The full path to the file, for example on Windows platforms:
c:\program files\entrust\entrust.ini
Or on a UNIX platform:
/opt/Entrust/clients/entrust.ini
The actual path depends on where you or your system administrator have installed the Entrust software.
This property must be set when the com.sybase.jaguar.security.tokentype property is set to “entrust”.
For profiles or identities that use Entrust PKI software to manage certificates, specifies the password for access to the Entrust user profile.
The password text. Values are encrypted in the repository.
This property must be set when the com.sybase.jaguar.security.tokentype property is set to “entrust”.
com.sybase.jaguar.security.entrustuserprofile
For profiles or identities that use Entrust PKI software to manage certificates, specifies the full path to the Entrust user profile, which is an operating system file.
The full path to the file, for example on Windows platforms:
c:\my documents\entrust\CN=Sample Entrust User, O=Sybase, C=US.epf
Or on a UNIX platform:
/opt/Entrust/certs/CN=Sample Entrust User, O=Sybase, C=US.epf
The actual path depends on where you or your system administrator have created the Entrust profile.
This property must be set when the com.sybase.jaguar.security.tokentype property is set to “entrust”.
For security profiles, specifies whether to log the client IP address for SSL connection failures associated with the security profile.
true or false. The default is false.
com.sybase.jaguar.security.logsslerr
For security profiles, specifies whether to log additional SSL error information for connections associated with the security profile.
true or false. The default is false.
com.sybase.jaguar.listener.logsslerr
Specifies the profile or identity name.
app-name
Where app-name is the application name.
For identities or profiles, specifies the password to access the Sybase certificate database.
The password text. Values are encrypted in the repository.
For identities or profiles, specifies the name of the security characteristic to use. For profiles, the security characteristic determines the minimum level of security acceptable for an incoming connection. For identities, the security characteristic determines the minimum level of security acceptable for outgoing connections.
If a value is specified, it must match the name of the security profile. The EAServer Security Administration and Programming Guide describes the available security profile names. The list of available profiles can be retrieved programmatically using the CtsSecurity::SSLServiceProvider interface.
For identities, if this property is not set, or set with no value, outgoing connections do not use SSL. For profiles, this property must be set to the name of a security characteristic.
For profiles used by a listener, specifies the size of SSL session cache. Not used for identities.
An integer that specifies the number of SSL sessions to cache. If no value is specified, the default is the value of the com.sybase.jaguar.server.maxconnections server property. When you save profile information from EAServer Manager, the default is 30.
EAServer caches server-side SSL sessions to improve performance when clients create frequent short-lived secure connections, typically from Web browsers. Caching improves performance by eliminating the time required to recreate sessions for the same client. When a security session is reused, clients avoid a CPU-intensive encryption of the premaster-secret using the server’s public key. Similarly, servers avoid a CPU-intensive decryption of the premaster-secret using their private key. The client must send the SSL session ID from the previous connection for the session to be reused.
For best performance, set the cache size to a number less than or equal to the com.sybase.jaguar.server.maxconnections server property. The cache requires approximately 64 bytes per entry.
com.sybase.jaguar.security.cachetime, com.sybase.jaguar.security.sessshare
For profiles, specifies the maximum number of concurrent SSL sessions that can share the same session parameters. Not used for identities.
An integer number. If no value is specified, the default is 10.
SSL session sharing allows a client to use the same SSL session ID for multiple connections. Session sharing can improve performance when the client opens multiple connections simultaneously. For example, a browser client may open several connections to download images linked to an HTML page. Session sharing allows the client to reuse the session for the second and subsequent connections, up to the number of concurrent connections specified by this property.
com.sybase.jaguar.security.sesscachesize, com.sybase.jaguar.security.cachetime
For an identity, specifies the user name to be used for component invocations or outgoing interserver connections.
The user name.
com.sybase.jaguar.security.specifiedidentitypassphrase
For an identity, specifies the password to be used for component invocations or outgoing interserver connections.
The password text. Values are encrypted in the repository.
com.sybase.jaguar.security.specifiedidentity
Specifies whether to use the Sybase SSL certificate database or an Entrust certificate.
Allowable values are sybase and entrust.
Specifies the security entity type.
Allowable values are:
Value | To indicate |
---|---|
identity | An identity |
listener | A security profile |
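The cross-property requirements stated above can be checked mechanically before an entity is saved. The following is an added example, not Sybase code: the key=value input format, the function names and the sample values are assumptions, and only property names that appear on this page are used.

```python
# Added example: lint one security entity against rules stated on this page.
P = "com.sybase.jaguar.security."
MAXCONN = "com.sybase.jaguar.server.maxconnections"

def parse_props(text):
    """Parse key=value lines (input format is an assumption of this example)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_entity(props, server_props=None):
    """Return a list of findings for one identity or profile."""
    findings = []
    etype = props.get(P + "type")
    if etype not in ("identity", "listener"):
        findings.append("type must be identity or listener")
    token = props.get(P + "tokentype")
    if token is not None and token not in ("sybase", "entrust"):
        findings.append("tokentype must be sybase or entrust")
    if token == "entrust" and not props.get(P + "entrustuserprofile"):
        findings.append("entrustuserprofile required when tokentype is entrust")
    qoss = props.get(P + "qoss")
    if etype == "listener" and not qoss:
        findings.append("profile must name a security characteristic in qoss")
    if etype == "identity":
        if not qoss:
            findings.append("identity has no qoss: outgoing connections do not use SSL")
        for name in ("sesscachesize", "sessshare"):
            if P + name in props:
                findings.append(name + " is not used for identities")
    size = props.get(P + "sesscachesize")
    maxconn = (server_props or {}).get(MAXCONN)
    if etype == "listener" and size and maxconn and int(size) > int(maxconn):
        findings.append("sesscachesize exceeds server maxconnections")
    return findings

# Constructed sample: an Entrust-backed profile with three problems.
BAD_PROFILE = parse_props("""
com.sybase.jaguar.security.type=listener
com.sybase.jaguar.security.tokentype=entrust
com.sybase.jaguar.security.sesscachesize=500
""")

if __name__ == "__main__":
    for finding in lint_entity(BAD_PROFILE, {MAXCONN: "30"}):
        print(finding)
```

The identity finding about a missing qoss value is the one to review first, since it means outgoing interserver connections from that identity are not protected by SSL.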
Copyright © 2005. Sybase Inc. All rights reserved.