Other design issues  Web server redirector plug-in issues

Chapter 2: Common Problem Areas

Security keys and certificates

You can configure EAServer to accept client connections over the secure protocols IIOPS and HTTPS by managing certificates and the keys in a keystore. See Chapter 11, “Managing Keys and Certificates,” in the Security Administration and Programming Guide.

Table 2-1: Common key/certificate questions

Questions

Answer

Where can I find private key and certificate information?

In the Management Console, select the server, then select the Security tab. The key and certificate information displays. The keystore holds all server-side certificates (private keys); the truststore holds the trusted certificates.

What types of keystores and truststores does EAServer support?

If the JDK with which EAServer is running is unmodified, the supported types are “pkcs12” and “jks.” If a third-party plug-in is installed, additional types may be supported.

What tool can I use to maintain keystores and truststores?

EAServer supports the management tool keytool, which is a component of the JDK. See the keytool documentation. The keystore and truststore targets are defined on the server’s Security tab.

How can I assign a certificate to a listener?

In the Management Console:

  1. Select the listener you want to use.

  2. On the General tab, note the name of the Security Profile.

  3. In the left pane, expand the Security | Profiles node, and select the security profile that the listener uses.

  4. On the General tab, set the Certificate Label to the ID of the certificate you want the listener to use.

    NoteThe certificate ID is a valid private key alias name that is available in the keystore.



Copyright © 2008. Sybase Inc. All rights reserved. Web server redirector plug-in issues

View this document as PDF