Using SSL in a clustered environment

The Cluster Edition allows the server name specified in the directory service entry to be different from the common name the SSL server certificate uses for performing an SSL handshake. This allows you to use a fully-qualified domain name for the SSL certificate common name (for example server1.bigcompany.com) and use the same certificate for multiple servers.

To add a common name to the interfaces file, use this format:

ase1
   master tcp ether host_name port_number ssl="CN='common_name'"
   query tcp ether host_name port_number ssl="CN='common_name'"
ase2
   master tcp ether host_name port_number ssl="CN='common_name'"
   query tcp ether host_name port_number ssl="CN='common_name'"
ase3
   master tcp ether host_name port_number ssl="CN='common_name'"
   query tcp ether host_name port_number ssl="CN='common_name'"
mycluster
   query tcp ether host_name port_number ssl="CN='common_name'"
   query tcp ether host_name port_number ssl="CN='common_name'"
   query tcp ether host_name port_number ssl="CN='common_name'"

Here, common_name is the fully-qualified domain name for the cluster node. common_name can include white space. Instances defined in the interfaces file may or may not use the same common name.

Note: You can add only one SSL certificate to a master database. Because each instance in a cluster shares the same disk, they all use the same path for the SSL server certificate. Sybase recommends that all instances use the same common name.

For example, this is a sample interfaces file entry for cluster mycluster:

ase1
   master tcp ether blade1 19786 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade1 19786 ssl="CN='ase1.big server 1.com'"
ase2
   master tcp ether blade2 19886 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade2 19886 ssl="CN='ase1.big server 1.com'"
ase3
   master tcp ether blade3 19986 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade3 19986 ssl="CN='ase1.big server 1.com'"
mycluster
   query tcp ether blade1 19786 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade2 19886 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade3 19986 ssl="CN='ase1.big server 1.com'"
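
The following check is an added example, not part of the original documentation. It parses an interfaces file in the format shown above, reports lines that have no filter or a filter that is not in the ssl="CN='common_name'" form, and flags instances that use different common names. The function name audit_interfaces and the sample entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's interfaces format: ase3's query line uses a
# different CN, and the last mycluster line has no ssl filter at all.
SAMPLE = """\
ase1
   master tcp ether blade1 19786 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade1 19786 ssl="CN='ase1.big server 1.com'"
ase3
   master tcp ether blade3 19986 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade3 19986 ssl="CN='ase3.big server 1.com'"
mycluster
   query tcp ether blade1 19786 ssl="CN='ase1.big server 1.com'"
   query tcp ether blade3 19986
"""

# Field order as shown on the page: service, protocol, network, host, port, filter.
LINE = re.compile(r"^\s+(master|query)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)(?:\s+(.*\S))?\s*$")
SSL_CN = re.compile(r"""^ssl="CN='([^']+)'"$""")  # CN may contain white space

def audit_interfaces(text):
    """Return (cns, findings): CN -> [(server, service)] and a list of problems."""
    cns, findings, server = defaultdict(list), [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():          # an unindented line starts a server entry
            server = raw.split()[0]
            continue
        m = LINE.match(raw)
        if not m:
            findings.append((lineno, server, "unparseable line"))
            continue
        service, filt = m.group(1), m.group(6)
        if filt is None:
            findings.append((lineno, server, f"{service} line has no ssl filter"))
            continue
        cn = SSL_CN.match(filt)
        if not cn:                        # assumption: only the page's CN form is expected
            findings.append((lineno, server, f"unexpected filter: {filt}"))
            continue
        cns[cn.group(1)].append((server, service))
    if len(cns) > 1:
        findings.append((0, None, "instances use different common names: " + ", ".join(sorted(cns))))
    return dict(cns), findings

if __name__ == "__main__":
    print(*audit_interfaces(SAMPLE)[1], sep="\n")
```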