Chapter 15: Entrust PKI Integration
There are three usage scenarios involving Entrust IDs and non-Entrust certificates:
In this scenario, you use EAServer’s EAServer Manager | Certificates folder to access the Sybase PKCS #11 token to manage EAServer’s keys and certificates. On the client, you use either the browser’s mechanism to manage keys and certificates for Java applets or the standalone Security Manager to access the Sybase PKCS #11 token to manage keys and certificates for C++ and Java applications.
See Chapter 14, “Managing Keys and Certificates” for information about EAServer Manager | Certificates folder, the standalone Security Manager, and Netscape certificate management.
In a mixed environment of Entrust IDs and non-Entrust certificates, each side (client and server) must import the other’s CA certificate so that it will be recognized and accepted as coming from a trusted CA. For example, import the Entrust CA certificate into the non-Entrust server’s PKCS #11 token using EAServer Manager | Certificates folder (the Entrust CA certificate is imbedded in the user profile’s .key file). Mark the CA certificate trusted.
See Chapter 14, “Managing Keys and Certificates” for information about importing CAs and marking certificates as trusted.
You can then use the certificates and Entrust IDs as follows:
Server side to allow non-Entrust clients, select the allow non-Entrust client check box when you configure a security profile. See “Configuring security profiles” for more information.
When both the client and server use Entrust IDs, use Entrust to manage the IDs and use EAServer Manager to establish a security profile that uses those IDs.
See “Defining security profiles” for information on configuring security profiles to use either Entrust IDs or non-Entrust certificates and enabling non-Entrust clients to connect to a listener using Entrust IDs.
|Copyright © 2005. Sybase Inc. All rights reserved.|