The SSL protocol allows connections to be secured using public-key encryption and authentication algorithms that are based on digital certificates. SSL is a wrapper protocol: packets for another protocol are secured by embedding them inside SSL packets. For example, HTTPS is HTTP secured by embedding each HTTP packet within an SSL packet. Similarly, IIOPS is IIOP embedded within SSL.
EAServer’s built-in SSL driver supports dynamic negotiation, cached and shared sessions, and authorization for client and server using X.509 digital certificates.
For an overview of security in EAServer and more information about EAServer and SSL, see the EAServer Security Administration and Programming Guide.
For more information about the SSL protocol, see the documentation for security on the Netscape DevEdge Web site.
The quality of protection (QOP) for EAServer packages, components, and methods can be set in EAServer Manager. QOP establishes a minimum level of encryption and authentication that a client must meet before it can access a component’s business logic. For example, to set the quality of protection for a component, add the com.sybase.jaguar.component.qop property on the All Properties page of the component’s property sheet and set it to a security characteristic provided with EAServer, such as sybpks_intl.
For a description of configuring QOP on the server and a list of security characteristics provided with EAServer, see the EAServer Security Administration and Programming Guide. This chapter describes configuring QOP on the client.
In EAServer Manager, you can configure a secure IIOP or HTTP port by configuring a listener and associating a security profile with the listener. The profile designates the security certificate that is sent to clients to verify that the connection ends at the intended server, and it also specifies other security settings.
PowerBuilder clients need a public key infrastructure (PKI) system to manage digital certificates. You can use Security Manager, which manages the EAServer certificate database, or you can use Entrust/Entelligence, available separately from Entrust Technologies (http://www.entrust.com).
For more information about PKI and configuring secure ports and authentication options, see the EAServer Security Administration and Programming Guide.
EAServer provides several sets of client runtime files. Because SSL support in PowerBuilder clients is provided through the C++ client ORB, you should install the SSL and C++ runtime files on the computer on which PowerBuilder SSL clients will run. The installation includes the client-side security database, SSL support libraries, and the client-side Security Manager. You also need to configure the client installation to load the client libraries when you run your application. See the Installation Guide for more information.