Describes how to revoke a Sybase SSL certificate. In some situations, specific SSL certificates may need to be revoked for security or administrative reasons.
To revoke a Sybase CEP SSL certificate:
If the SSL certificate installed was provided by a third-party vendor, contact the vendor for instructions on obtaining the CRL. If the SSL certificate was not provided by a third-party vendor and you installed it yourself, then generate the CRL yourself, using a CRL tool such as crlutil from Mozilla.
The Sybase CEP Server bin directory.
The default SybaseC8Repository directory. On Microsoft Windows, this directory is:
C:\Documents And Settings\ user-name \ My Documents\SybaseC8Repository\ version
On UNIX-like operating systems, this directory is:
$HOME/SybaseC8Repository/ version
The current working directory.
Enter the following lines in this file:
<preferences xmlns= "http://schema.sybase.com/preference/2004/05"> <preference name="SybaseC8/General/NSSFolder" value=" certificate-database-directory "/> <preference name="SybaseC8/Security/SSL/ServerAuthenticate" value=" true-or-false "/> <!--<preference name="SybaseC8/Security/SSL/ServerCertificate" value=" SSL-certificate-name "/> --> <!--<preference name="SybaseC8/Security/SSL/ClientCertificate" value=" SSL-certificate-name "/> --> </preferences>
where:
certificate-database-directory is the directory where the certificate database resides.
trueif you want the client to perform server authentication against the server. Otherwise, set this value to
false
SSL-certificate-name is the nickname of the CA Certificate (in the case of SSL server authentication) or the Client Certificate (in the case of SSL client authentication). Enter the certificate name under the "SybaseC8/Security/SSL/ServerCertificate" or "SybaseC8/Security/SSL/ClientCertificate", as appropriate, and remove the markings around the preference where the nickname was entered.
This utility is located in the Sybase CEP Server bin directory. To import the CRL, make sure that Sybase CEP Server is running and give the following command:
c8_client --cmd=importCRL --server-uri=https:// hostname:port /Server --crl-file= crl-file-path-and-name
crl-file-path-and-nameshould specify the full path and name of the file. Otherwise, you may simply specify the file name.