Use the Certificate generation utility (gencert) to create a certificate or to sign pre-generated certificate requests.
| Option | Description |
|---|---|
| -c | Specifies a certificate you can use to sign other certificates. If used with -r, generates an enterprise root certificate. |
| -s | Specifies a server identity certificate. The server identity is a combination of a server's private key and public certificate. You reference the server identity certificate when you start Unwired Server (for transport-layer security) or database server (for SQL Anywhere client-server transport-layer security). If used with -r, generates a self-signed server certificate. |
| -r | Specifies a self-signed root certificate. If used with -s, gencert creates a self-signed server certificate. If used with -c, gencert creates an enterprise root certificate you can use to sign other certificates. If you specify gencert -r with no additional options, gencert creates a certificate you can use as a server certificate or an enterprise root. This option is not compatible with -q. |
| -q request-file |
Sign a pre-generated certificate request. If used with -s, gencert creates a server certificate. If used with -c, gencert creates an enterprise root certificate you can use to sign other certificates. If you specify gencert -q with no additional options, gencert creates a certificate you can use as a server certificate or an enterprise root. The -q option is not compatible with -r. |
If you do not specify -s or -c , the certificate contains the functionality provided by both options, so it can be used to sign other certificates or you can use it directly as a server certificate.
You can use the gencert utility to generate trusted public certificates, private keys, and server certificates used to secure Unwired Server synchronizations or SQL Anywhere® client-server communication. This utility creates X.509 certificates (a standard certificate format) for various security configurations.
Gencert prompts you for the following information:
| Field | Description |
|---|---|
| Cipher | Gencert prompts you to choose an ECC or RSA cipher. If you are generating an ECC certificate, gencert generates an ECC key pair. If you are generating an RSA certificate, it prompts for a key size between 512 and 2048, and then creates a certificate using RSA. (In general, longer keys provide stronger encryption but take longer to process.) |
| Country, State/Province, and Locality | These values provide general certificate identification. The locality fields are also required by third-party Certificate Authorities if you plan to use globally-signed certificates. |
| Organization, Organizational Unit, and Common Name | These fields provide additional security that the client is authenticating the correct certificate. On the client side, they correspond to the certificate_company, certificate_unit, and certificate_name protocol options, respectively. |
| Serial number | You are prompted to choose a serial number for the certificate. The serial number must use alphanumeric characters. |
| Certificate valid for how many years | You are prompted for the period (in years) that the certificate remains valid. If the certificate expires, all certificates signed by this certificate will also be invalid. Following the specified period, you will need to regenerate the enterprise root, each server certificate, and the public certificates distributed to clients. |
| Enter password to protect private key | This is the password you will specify in the certificate_password protocol option. |
| Enter file path to save certificate | Choose a file name and location for the certificate. |
| Enter file path to save private key | Choose a file name and location for the private key. |
| Enter file path to save server identity | Choose a file name and location for the server certificate. |