Enabling and Configuring Administration Encryption for Unwired Server

Enable encryption to securely transfer data between the Unwired Server administration listener and Sybase Control Center.

You can create or change a security profile that saves SSL setup data for a particular server instance. Using the security profile, you associate a specific key with the encrypted port.

  1. In the left navigation pane, expand the Servers folder and select a server.
  2. Select Server Configuration.
  3. In the right administration pane, click General.
  4. Optional. If you want to create a new security profile, select SSL Configuration.
  5. In the Configure security profile table:
    1. Enter a name for the security profile.
    2. Enter a certificate alias. This is the alias of a key entry in the keystore. Make sure the key password of this key entry is the same as the keystore password.
    3. Select an authentication level:
      If the security profile authenticates only the server, then only the server must provide a certificate to be accepted or rejected by the client. If the security profile authenticates both the client and the server, then the client is also required to authenticate using a certificate; both the client and server will provide a digital certificate to be accepted or rejected by the other.
      Profile Authenticates Cipher suite(s)
      intl server
      • SA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      intl_mutual client/server
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      simple server RSA_WITH_NULL_MD5 RSA_WITH_NULL_SHA
      simple_mutual client/server RSA_WITH_NULL_MD5 RSA_WITH_NULL_SHA
      strong server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      strong_mutual client/server

      For example, this is the required option for mutual authentication of Unwired Platform and Gateway.
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      domestic server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • TLS_RSA_WITH_NULL_MD5
      • TLS_RSA_WITH_NULL_SHA
      domestic_mutual client/server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • RSA_WITH_NULL_MD5
      • RSA_WITH_NULL_SHA
  6. Use IIOPS in the Communication Ports sub-tab by selecting Secure Management Port (port 2001), and ensure that Sybase Control Center's Managed Resource properties match. By default, IIOPS is already configured between Unwired Server and Sybase Control Center.
  7. Select the correct security profile name that provides the details for locating the correct certificates.
  8. Save the changes and restart the server.
Parent topic: Preparing SSL for HTTPS Listeners
Previous topic: Changing Installed Certificates Used for Unwired Server and Sybase Control Center HTTPS Listeners