Mutual Authentication
If mutual authentication is required, the server and client
must authenticate each other to ensure that both can be trusted.
By default, EAServer 6.x uses 2002 as the port for this type of
SSL connection.
Both the server's certificate and the client's
certificate must be imported into the Microsoft certificate store
on the client computer as described in Importing an EAServer Certificate into the Client Certificate Store.
The client's certificate file must include the private
key for the client's certificate. The server's
certificate file need not include its private key.
The server certificate used for mutual authentication cannot
be the same as the certificate used for server-only authentication.
Make sure you obtain the correct certificate file.
For mutual authentication, the client's certificate
file must be imported into the certificate store on the client computer and it
must be available in the file system on the client computer, because
it is referenced in the PowerScript code required to connect to
EAServer.
the Connection object are used for mutual authentication:
Connection code
address to a URL that begins with "iiops" and
ends with the correct SSL port. The following sample code connects
to an EAServer host that requires mutual authentication:
    Connection myconnect
    int rc

    myconnect = create Connection
    myconnect.Application = "pbtest"
    myconnect.Driver = "jaguar"
    myconnect.UserID = "admin@system"
    myconnect.Password = "sybase"
    // iiops scheme plus the SSL port used for mutual authentication
    myconnect.Location = "iiops://mydesktop:2002"
    // Client certificate file (with private key) and its password
    myconnect.Options = "ORBclientCertificateFile='d:\work\sample1.p12',ORBclientCertificatePassword=abc"

    rc = myconnect.connecttoserver( )
Configuration step required for Web Forms and Web services
For mutual authentication, PowerBuilder .NET Web Forms applications
and .NET Web services that are clients for EAServer require that
the ASPNET account on the IIS server have access to the private
key of the client certificate. Access to the private key of the
server certificate is not required.
Use the Windows HTTP Services Certificate Configuration Tool (WinHttpCertCfg.exe)
to configure client certificates. You can download this tool from
the Microsoft Download Center.
for the ASPNET account on the IIS server, type the following commands
at a command prompt:
    cd C:\Program Files\Windows Resource Kits\Tools
    WinHttpCertCfg -g -c LOCAL_MACHINE\MY -s "ABC" -a "ASPNET"
These commands assume that the tool is installed in the default
location at C:\Program Files\Windows
Resource Kits\Tools and that the client certificate's subject
name is "ABC". The -s argument
is equivalent to the Issued To field in the MMC. The ASPNET account
is valid for XP computers. You should use the "NetworkService" account
for other Windows platforms. For the -c argument,
always use "LOCAL_MACHINE\MY" rather
than the actual name of the local computer.
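To confirm that the grant took effect, the following PowerShell script (an added example, not part of the original documentation) finds the client certificate in LOCAL_MACHINE\MY and reports whether the account can read its private key file. It assumes Windows PowerShell run from an elevated prompt and a CSP-backed RSA key stored under the MachineKeys folder; the parameter names are hypothetical, and the defaults "ABC" and "ASPNET" are the sample values used above.

```powershell
# Added example (not from the original page): check the private-key grant.
# Assumes Windows PowerShell run elevated and a CSP-backed RSA key.
param(
    [string]$SubjectName = 'ABC',    # "Issued To" value used on the page
    [string]$Account     = 'ASPNET'  # NetworkService shows in ACLs as 'NETWORK SERVICE'
)
$read    = [System.Security.AccessControl.FileSystemRights]::Read
$keyRoot = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) `
                     'Microsoft\Crypto\RSA\MachineKeys'

$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $SubjectName })
if ($certs.Count -eq 0) {
    throw "No certificate issued to '$SubjectName' in LOCAL_MACHINE\MY"
}

foreach ($cert in $certs) {
    $keyFile = $null
    $canRead = $false
    if ($cert.HasPrivateKey) {
        try {
            # Map the key container to its file so the file ACL can be read.
            $name    = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            $keyFile = Join-Path $keyRoot $name
            $rules   = @((Get-Acl -Path $keyFile -ErrorAction Stop).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $_.IdentityReference.Value -like "*\$Account" -and
                    $_.FileSystemRights.HasFlag($read)
                })
            $canRead = $rules.Count -gt 0
        } catch {
            Write-Warning "$($cert.Thumbprint): key ACL not readable ($($_.Exception.Message))"
        }
    }
    # One result row per matching certificate
    [pscustomobject]@{
        Thumbprint     = $cert.Thumbprint
        Expired        = $cert.NotAfter -lt (Get-Date)
        HasPrivateKey  = $cert.HasPrivateKey
        KeyFile        = $keyFile
        AccountCanRead = $canRead
    }
}
```

A row with HasPrivateKey set to False means the certificate was imported without its private key, so the client certificate file has to be imported again before access can be granted.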
For more information about the configuration tool's
options, type WinHttpCertCfg -help at
the command prompt. For more information about installing client
certificates for Web applications and services, see the Microsoft Help and Support site.