
Chapter 15: Entrust PKI Integration

Scenarios

There are three usage scenarios involving Entrust IDs and non-Entrust certificates:


Both client and EAServer use non-Entrust certificates

In this scenario, you use EAServer’s EAServer Manager | Certificates folder to access the Sybase PKCS #11 token to manage EAServer’s keys and certificates. On the client, you use either the browser’s mechanism to manage keys and certificates for Java applets or the standalone Security Manager to access the Sybase PKCS #11 token to manage keys and certificates for C++ and Java applications.

See Chapter 14, “Managing Keys and Certificates” for information about EAServer Manager | Certificates folder, the standalone Security Manager, and Netscape certificate management.


Entrust client and non-Entrust server (and vice versa)

In a mixed environment of Entrust IDs and non-Entrust certificates, each side (client and server) must import the other’s CA certificate so that the peer’s certificate is recognized and accepted as coming from a trusted CA. For example, import the Entrust CA certificate into the non-Entrust server’s PKCS #11 token using EAServer Manager | Certificates folder (the Entrust CA certificate is embedded in the user profile’s .key file). Mark the CA certificate trusted.

See Chapter 14, “Managing Keys and Certificates” for information about importing CAs and marking certificates as trusted.
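The effect of the cross-import can be reproduced with OpenSSL. The script below is an added example, not part of the Sybase documentation: it shows a peer certificate being rejected until its issuing CA is in the verifier's trusted-CA store. The names entrust_ca, other_ca and the .store PEM files are assumptions standing in for the Entrust CA, the non-Entrust CA and each side's PKCS #11 token.

```bash
#!/usr/bin/env bash
# Constructed demo: two throwaway CAs stand in for the Entrust CA and the
# non-Entrust CA. Plain PEM files play the role of each side's trust store;
# nothing here touches EAServer Manager or a PKCS #11 token.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {    # make_ca <name>: create a self-signed CA key and certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1 (constructed)" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue() {      # issue <ca> <subject>: end-entity certificate signed by <ca>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2 (constructed)" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 2 -out "$WORK/$2.pem" 2>/dev/null
}

import_ca() {  # import_ca <side> <ca>: add <ca> to <side>'s trusted-CA store
  cat "$WORK/$2.pem" >> "$WORK/$1.store"
}

accepts() {    # accepts <side> <peer>: 0 only if <peer> chains to a CA <side> trusts
  openssl verify -CAfile "$WORK/$1.store" "$WORK/$2.pem" >/dev/null 2>&1
}

status() { if accepts "$1" "$2"; then echo accepted; else echo rejected; fi; }

make_ca entrust_ca;  issue entrust_ca client   # Entrust side
make_ca other_ca;    issue other_ca  server    # non-Entrust side
import_ca client entrust_ca                    # each side starts with only its own CA
import_ca server other_ca

echo "before cross-import: server sees client as $(status server client)," \
     "client sees server as $(status client server)"
import_ca server entrust_ca                    # server imports the Entrust CA
echo "one-way import:      server sees client as $(status server client)," \
     "client sees server as $(status client server)"
import_ca client other_ca                      # client imports the non-Entrust CA
echo "both directions:     server sees client as $(status server client)," \
     "client sees server as $(status client server)"
```

The middle line of output shows the one-sided case: the server accepts the client while the client still rejects the server, which is why the import has to happen on both sides.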

You can then use the certificates and Entrust IDs as follows:


Both client and server use Entrust certificates

When both the client and server use Entrust IDs, use Entrust to manage the IDs and use EAServer Manager to establish a security profile that uses those IDs.

See “Defining security profiles” for information on configuring security profiles to use either Entrust IDs or non-Entrust certificates and enabling non-Entrust clients to connect to a listener using Entrust IDs.





Copyright © 2005. Sybase Inc. All rights reserved.