Creating an SSL Security Profile in Sybase Control Center

Security profiles define the security characteristics of a client/server session. Assign a security profile to a listener, which is configured as a port that accepts client connection requests of various protocols. Unwired Server uses multiple listeners. Clients that support the same characteristics can communicate to Unwired Server via the same port defined in the listener.

Note: A security profile can be used by one or more servers in a cluster, but cannot used by multiple clusters.
  1. In the left navigation pane, expand the Servers folder and select a server.
  2. Select Server Configuration.
  3. In the right administration pane, select the General tab.
  4. From the menu bar, select SSL Configuration.
  5. In the Configure security profile table:
    1. Enter a name for the security profile.
    2. Enter a certificate alias. This is the logical name for the certificate stored in the keystore.
    3. Select an authentication level:
      If the security profile authenticates only the server, then only the server must provide a certificate to be accepted or rejected by the client. If the security profile authenticates both the client and the server, then the client is also required to authenticate using a certificate; both the client and server will provide a digital certificate to be accepted or rejected by the other.
      Profile Authenticates Cipher suites
      intl server
      • SA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      intl_mutual client/server
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      strong server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      strong_mutual client/server

      For example, this is the required option for mutual authentication of Unwired Platform and Gateway.
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      domestic server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • TLS_RSA_WITH_NULL_MD5
      • TLS_RSA_WITH_NULL_SHA
      domestic_mutual client/server
      • RSA_WITH_3DES_EDE_CBC_SHA
      • RSA_WITH_RC4_128_MD5
      • RSA_WITH_RC4_128_SHA
      • RSA_WITH_DES_CBC_SHA
      • RSA_EXPORT_WITH_RC4_40_MD5
      • RSA_EXPORT_WITH_DES40_CBC_SHA
      • RSA_WITH_NULL_MD5
      • RSA_WITH_NULL_SHA
  6. Click Save.
  7. From the Communication Ports menu, assign the security profile to the desired management or communication ports.
Next
If you configure a secure port on one server, you must enable it on every node in the cluster, then restart all servers in the cluster to commit the configuration changes.
Parent topic: Configuring SSL Properties
Previous topic: Defining Certificates for SSL Encryption
Next topic: Enabling OCSP