Setting up transport-layer security

The following steps provide an overview of the tasks required to set up transport-layer security.

  1. Obtain digital certificates.

    You need identity files and certificate files. The server identity file contains the server's private key and should be stored securely with the database or MobiLink server. You distribute the server certificate file to your clients.

    You can buy certificates from a certificate authority. SQL Anywhere also provides functionality to create certificates, which is especially useful for development and testing. See Digital certificates.

  2. If you are setting up transport-layer security for SQL Anywhere client/server applications:

    • Start the SQL Anywhere database server with transport-layer security

      Use the -ec database server option to specify the type of security, the server identity file name, and the password to protect the server's private key.

      If you also want to allow unencrypted connections over shared memory, specify the -es option.

      See Database server with transport-layer security.

    • Configure client applications to use transport-layer security

      Specify the path and file name of trusted certificates using the Encryption connection parameter [ENC].

      See Client application configuration to use transport-layer security.

  3. If you are setting up transport-layer security for SQL Anywhere web services:

    • Start the SQL Anywhere database server with transport-layer security

      Use the -xs database server option to specify the type of security, the server identity file name, and the password to protect the server's private key.

    • Configure browsers or other web clients to trust certificates

      See SQL Anywhere web services encryption.

  4. If you are setting up transport-layer security for MobiLink synchronization:

    • Start the MobiLink server with transport-layer security

      Use the mlsrv12 -x option to specify the security stream, the server identity file name, and the password to protect the server's private key.

      See Starting the MobiLink server with transport-layer security.

    • Configure MobiLink clients to use transport-layer security

      Supply the appropriate security or network protocol options with the MobiLink synchronization client utility (dbmlsync) or UltraLite application. Specify the security stream and trusted server certificate file names.

      See MobiLink client configuration to use transport-layer security.
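
For the client side of step 2, a check like the following can confirm that an application's connection string actually requests transport-layer security and names a trusted certificate file. It is an added example, not part of the SQL Anywhere documentation; it assumes the ENC=tls(tls_type=...;trusted_certificates=...) form of the Encryption parameter, and the sample strings and file names are constructed.

```python
# Added example: audit SQL Anywhere client connection strings for the
# Encryption [ENC] parameter. Sample strings and file names are constructed.

def split_params(conn_str):
    """Split on ';' outside parentheses so ENC=tls(a=b;c=d) stays one parameter."""
    parts, depth, cur = [], 0, []
    for ch in conn_str:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        if ch == ";" and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def check_client_encryption(conn_str):
    """Return a list of findings; an empty list means tls() with a trust file."""
    params = {}
    for p in split_params(conn_str):
        key, _, value = p.partition("=")
        params[key.strip().lower()] = value.strip()  # names are case-insensitive
    enc = params.get("enc", params.get("encryption"))
    if enc is None:
        return ["no Encryption [ENC] parameter set"]
    if not enc.lower().startswith("tls(") or not enc.endswith(")"):
        return ["ENC=%s is not transport-layer security" % enc]
    tls = {}
    for opt in enc[4:-1].split(";"):  # options inside tls( ... )
        k, _, v = opt.partition("=")
        tls[k.strip().lower()] = v.strip()
    if not tls.get("trusted_certificates"):
        return ["tls() does not name a trusted_certificates file"]
    return []

SAMPLES = [  # constructed connection strings
    "UID=app;HOST=db1;ENC=tls(tls_type=rsa;trusted_certificates=rsaroot.crt)",
    "UID=app;HOST=db1;ENC=simple",
    "UID=app;HOST=db1",
    "UID=app;HOST=db1;ENC=tls(tls_type=rsa)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_client_encryption(s) or "ok")
```

The parenthesis-aware split matters because the options inside tls( ) are themselves separated by semicolons; a plain split on ";" would cut the ENC value in half and report a false result.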