This section describes how to create, modify, and delete a security profile. All of the configuration tasks require you to first access the Security Profiles folder. To do this, highlight the Security Profiles folder from EAServer Manager.
See Table 12-3 when creating, modifying, or deleting a security profile.
Creating a new security profile
Select File | New Security Profile.
Enter the name of the new security profile. Click Create New Security Profile.
Complete the Security Profile sheet. Click Advanced to modify the default settings for the advanced SSL settings. Click Save. See Table 12-3 for a description of the security profile properties.
If you are using an Entrust ID, select the Use Entrust check box. Click the Entrust Tab and provide the Entrust information required to access your Entrust ID.
The new security profile now appears on the right side of the window when the Security Profiles folder on the left side of the window is highlighted.
Modifying an existing security profile
Highlight the security profile you want to modify.
Select File | Properties.
Modify the properties. Click Save when finished. See Table 12-3 for a description of the profile properties.
Deleting a security profile
Highlight the profile entry you want to delete.
Select File | Delete Security Profile.
Property |
Description |
Comments/example |
|---|---|---|
Name |
The name you give to the security profile. |
|
Description |
A description of the security profile. |
|
Use Entrust |
Select this check box to use an Entrust ID instead of a certificate contained in the Sybase PKCS #11 token. |
Selecting this check box prevents access to the certificates contained in the Sybase token. |
Security Characteristic |
Select a name from the drop-down list of predefined security characteristics to use for this profile. |
See Table 12-2 for a description of security characteristics and the CipherSuites they support. |
Description |
A description of the selected security characteristic. |
Each security characteristic comes with a description of its features. |
Sybase PKCS #11 Token Certificate Label |
From the drop-down list, enter the certificate label you want to use for this security profile. If you have not provided the PIN for the Sybase PKCS #11 token, you are prompted for one. This is the same PIN that you enter to access the EAServer Manager | Certificates folder. |
If you are using an Entrust ID and click the Use Entrust check box, this property does not appear. See Chapter 13, “Managing Keys and Certificates” for more information on certificates. |
SSL Cache Size |
The number of entries in SSL session cache maintained by the server. The default cache size is 30. |
|
SSL Session Share |
The number of concurrent connections that can simultaneously use the same session entry (ID) in the session cache. The default session share size is 10. |
|
SSL Session Linger |
The duration for which a session entry is kept in the SSL session cache after the last SSL session using this session ID was closed. The default session linger value is eight hours. |
|
Log SSL Errors |
When selected, additional information about SSL errors is logged. |
|
Set Defaults |
Select the Set Defaults check box to restore all of the advanced settings to their default levels. |
|
Specify the Entrust INI File |
Enter the complete path to the Entrust initialization file. |
You can use the browse feature to locate this file. For example, on Windows, %SystemRoot%\entrust.ini. |
Entrust User Profile |
Enter the complete path to the Entrust user profile file. |
You can also use the browse feature to locate this file. There is no default. |
Entrust Password |
The password to the Entrust login for this Entrust user profile. |
|
Allow non-Entrust client |
Click this check box to allow non-Entrust clients to connect to listeners that use an Entrust ID. |
|
| Copyright © 2003. Sybase Inc. All rights reserved. |
|
|
