Generate a client-side certificate, which is not the same as the one you configure for Unwired Server HTTPS encrypted synchronization.
Prerequisites
These instructions assume you have already configured Unwired Server-side certificates correctly, and that the Unwired Server client will provide a trusted certificate. Windows IIS should be set up with Relay Server for server-side certificates, and should have Application Server and Certificate Services installed as described in Configure Relay Server with Microsoft IIS using SSL available on
http://www.sybase.com/detail?id=1059277.
Create a new client-side certificate.
-
At a command prompt, change to
<UnwiredPlatform-installDir>\servers\UnwiredServer\SQLAnywhere11\BIN32.
-
Run:
createcert
-
When prompted, enter 1024 as the RSA key length. For all remaining prompts, enter appropriate values for your deployment; for example:
C:>createcert
SQL Anywhere X.509 Certificate Generator Version 11.0.1.2250
Enter RSA key length (512-16384): 1024
Generating key pair...
Country Code: CA
State/Province: ON
Locality: Waterloo
Organization: ClientCert
Organizational Unit: ClientCert
Common Name: ClientCert
Enter file path of signer's certificate:
Certificate will be a self-signed root
Serial number [generate GUID]:
Generated serial number: 6d2f67d5a21c4d95a604b701afd37789
Certificate valid for how many years (1-100): 10
Certificate Authority (Y/N) [N]: Y
1. Digital Signature
2. Nonrepudiation
3. Key Encipherment
4. Data Encipherment
5. Key Agreement
6. Certificate Signing
7. CRL Signing
8. Encipher Only
9. Decipher Only
Key Usage [6,7]:
Enter file path to save certificate: rsa_client.crt
Enter file path to save private key: rsa_client.key
Enter password to protect private key: pwd
Enter file path to save identity: id_client.pem
Note: You must use an RSA Transport Layer Security (TLS) certificate, and not a certificate generated from ECC TLS or from another source such as openssl or createcert in an SQL Anywhere installation.
Note: Make a note of your private-key file path and password values (rsa_client.key and pwd), and the certificate and identity file paths (rsa_client.crt and id_client.pem). You will need these values again.