Enabling SSL

Adaptive Server determines which security service it will use for a port based on the interface file (sql.ini on Windows).

StepsEnabling SSL

  1. Generate a certificate for the server.

  2. Create a trusted roots file.

  3. Use sp_configure to enable SSL. From a command prompt, enter:

    sp_configure "enable ssl", 1
    

    1 enables the SSL subsystem at start-up, allocates memory, and SSL performs wire-level encryption of data across the network.

    0 disables SSL. This value is the default.

  4. Add the SSL filter to the interfaces file. See “Creating server directory entries”.

  5. Use sp_ssladmin to add a certificate to the certificates file. See “Administering certificates”.

  6. Shut down and restart Adaptive Server.

NoteTo request, authorize, and convert third-party certificates, see the Utility Guide for information on certauth, certreq, and certpk12 tools.

Unlike other security services, such as DCE, Kerberos, and NTLAN, SSL relies neither on the “Security” section of the Open Client/Open Server configuration file libtcl.cfg, nor objects in objectid.dat.

The System Administrator should consider memory use by SSL when planning for total physical memory. You will need approximately 40K per connection (connections include user connections, remote servers, and network listeners) in Adaptive Server for SSL connections. The memory is reserved and preallocated within a memory pool and is used internally by Adaptive Server and SSL Plus libraries as requested.