Using secure connections with EAServer
The SSL protocol allows connections to be secured using public-key
encryption and authentication algorithms that are based on digital
certificates. SSL is a wrapper protocol: packets for another protocol
are secured by embedding them inside SSL packets. For example, HTTPS
is HTTP secured by embedding each HTTP packet within an SSL packet.
Similarly, IIOPS is IIOP embedded within SSL.
EAServer’s built-in SSL driver supports dynamic negotiation, cached
and shared sessions, and authorization for client and server using
X.509 Digital Certificate support.
For an overview of security in EAServer and more information about
EAServer and SSL, see the EAServer documentation. For EAServer 6.x,
see the Security Administration and Programming Guide.
Quality of protection
The quality of protection (QOP) for EAServer packages,
components, and methods can be set in the Management Console. QOP
establishes a minimum level of encryption and authentication that
a client must meet before it can access a component’s business
logic. For example, to set the quality of protection for a component,
add the com.sybase.jaguar.component.qop property on the All Properties
page of the component’s property sheet and set it to a
security characteristic provided with EAServer,
such as sybpks_intl.
For a description of configuring QOP on the server and a list
of security characteristics provided with EAServer,
see the EAServer documentation.
This chapter describes configuring QOP on the client.
SSL certificate-based authentication
In the Management Console, you can configure a secure IIOP
or HTTP port by configuring a listener and associating a security
profile with the listener. The profile designates a security certificate
to be sent to clients to verify that the connection ends at the
intended server, as well as other security settings.
PowerBuilder clients need a public key infrastructure (PKI)
system to manage digital certificates. You can use Security Manager,
which manages the EAServer certificate
database.
For more information about PKI and configuring secure ports
and authentication options, see the EAServer documentation.
Client installation requirements
EAServer provides several sets of client runtime files. Because SSL
support in PowerBuilder clients is provided through the client ORB,
you should install the SSL runtime files on the computer on which
PowerBuilder SSL clients
will run. The installation includes the client-side security database,
SSL support libraries, and the client-side Security Manager. You
also need to configure the client installation to load the client
libraries when you run your application. See the EAServer Installation
Guide for more information.