Chapter 16: Tutorial: Using SSL
In this tutorial, your browser connects to EAServer through a listener that requires client authentication. This requires you to install a personal certificate in the browser that authenticates your identity.
To install a personal certificate in your browser:
Start the server, EAServer Manager, and connect to the Certificates folder.
Export a personal (user) certificate signed by the Jaguar test CA.
Import the user certificate to your browser.
If the server is not already running, follow the instructions under “Starting the server” in the EAServer System Administration Guide to start the server.
If you are not connected to EAServer Manager, follow the instructions in “Using EAServer Manager” in the EAServer System Administration Guide to connect to EAServer Manager. After connecting, browse to the Certificates folder, double-click on it, then enter your certificate database PIN.
You need a personal certificate installed in your browser before the sample applets can attach to EAServer listener ports that require client authentication.
There are a variety of ways to get a personal certificate:
Click the Security icon on the tool bar.
Click Yours on the left side of the window. This displays a list of your certificates.
If no certificates are displayed, you need to get one. Click Get a Certificate. You see a Web page of public CAs.
You need to obtain a certificate from a CA that EAServer recognizes, or use EAServer Manager | Certificates folder to install the CA’s certificate and mark it trusted. In EAServer Manager | Certificates folder, click the Trusted CAs folder to display a list of the trusted certificate signers that EAServer recognizes.
Select a CA and follow the instructions to obtain your certificate.
Use the sample certificates EAServer comes with two sample personal (user) certificates signed by the test CA that you can use to authenticate yourself when connecting to EAServer listeners that require client authentication.
For this tutorial, export a user certificate using EAServer Manager | Certificates folder and import it in to your browser.
Exporting the sample user certificate from EAServer
In EAServer Manager | Certificates folder, highlight the User Certificates folder.
Highlight one of the sample certificates.
Select File | Export Certificate.
In the Export Certificate wizard, select the PKCS#12 formatted data option. This option exports the private key and the certificate so that you can import it in to a browser and use it to authenticate yourself. Click Next.
Enter and confirm a password. You need to provide this password when you import the certificate in to a browser. Click Next.
Click the Browse button on the wizard and enter the path and file name of the exported certificate. Do not supply an extension; .p12 extension is automatically appended to the certificate. Click Finish.
An information box appears confirming that the user certificate has been successfully exported. Click OK.
Importing the sample user certificate in to Netscape
In Netscape, click the security icon.
Highlight “Yours” to view your certificate.
Click the Import a Certificate button.
Locate and highlight the certificate you exported from EAServer Manager | Certificates folder. Click Open.
Enter the password you used when you exported the certificate.
The certificate is imported to Netscape. You can view and verify its validity.
When your browser connects to EAServer listeners that require client authentication, you can select this certificate when Netscape prompts you for a user certificate.
Importing the sample user certificate in to Internet Explorer
In Internet Explorer, select View | Internet Options (version 4.0) or Tools | Internet Options (version 5.0).
Select the Content tab.
Click the Personal Certificates button (version 4.0) or the Certificates button (version 5.0).
Click the Import button. Enter the complete path and file name and password of the exported certificate (version 4.0) or follow the wizard instructions to locate the certificate and enter the password (version 5.0).
The certificate is imported in to Internet Explorer. You can view and verify its validity.
When your browser connects to EAServer listeners that require client authentication, you can select this certificate when Internet Explorer prompts you for a user certificate.
|Copyright © 2005. Sybase Inc. All rights reserved.|