Creating Certificates for the Specific DirectConnect Server and Service

Learn the steps to create the certificate of authority files for the specific DirectConnect server and service.

  1. Enable SSL and identify the name of the access service using the SSLEnabled and SSLServices properties.
  2. From C:\<install_dir>\DC-15_0\bin, use a text editor to create the DC.in file. (Refer to the Adaptive Server Utilities Guide document for certreq parameters.)
    notepad DC.inreq_certtype=Server
req_keytype=RSA
req_keylength=512
req_country=US
req_state=CO
req_locality=Boulder
req_organization=Sybase
req_orgunit=Database
req_commonname=servicename

    Save the file.

  3. Create private key and certificate request files for the service by entering this, on one line:
    certreq -F DC.in -R servicename_req.txt -K servicename_pkey.txt -P yourdcpassword
  4. Create a public key file (servicename.crt) using the servicename_req.txt file with the CA private key file to sign the public key file. Enter this on one line:
    >certauth -C trusted.txt -Q servicename_req.txt 
-K CA_pkey.txt -P yourcapassword -T180 -O servicename.crt

    Here is an example of the expected result:

    Setting environment variables for this install....
    Using DC_SYBASE.bat Environment file from: C:\Sybase\DC-15_0\bin...
    1 file(s) copied.
    -- Sybase SSL Certificate Authority Utility --
Certificate Validity: 
      startDate = Thu Mar 20 10:21:41 2008
      endDate = Tue Sep 16 11:21:41 2008
Setting serial number 0x31ab52626efa122f
Could not sign certificate using signature type 20, error ‘No error string returned.’ (3000).
Could not sign certificate using signature type 22, error ‘No error string returned.’ (3000) 
CA sign certificate SUCCEED using signature type 2, return ‘SSLNoErr’ (0).
  5. Append the signed service name private key file to the signed <servicename> public key file:
    type servicename_pkey.txt >> servicename.crt
  6. Copy the trusted.txt file to the servicename.txt file:
    copy trusted.txt servicename.txt
  7. Create and enter an encrypted password to establish an SSL connection:
    pwdcrypt
    Note: You cannot see the password you enter. This is your yourcapassword.
    pwdcrypt
Enter password please:
Enter password again:
The encrypted password:
0x018c2e0ea8cfc44513e8ff06f3a1b20825288d0ae1ce79268d0e8669313d1bc4c70c
  8. From the bin directory, insert the encrypted password by copying from the previous step. Enter this on one line:
    ECHO encrypted_password>servicename.pwd
    Warning!  To ensure that servicename.pwd contains a valid password, do not insert a space between encrypted_password, the symbol “>”, and servicename.pwd file name.
  9. Copy the trusted.txt file to the srvname.txt file:
    copy trusted.txt srvname.txt
  10. Verify that these files exist in the C:\<install_dir>\DC-15_0\bin directory:
    CA_pkey.txt
CA_req.txt
servicename.txt
servicename_pkey.txt
servicename_req.txt
srvname.txt
trusted.txt
DC.in
servicename.crt
servicename.pwd
Parent topic: Set Up SSL on Windows Server