Creating Certificates Specific to the DirectConnect Server and Service

Create the certificate files for a specific DirectConnect server and service, signed by the certificate authority (CA).

Note: On UNIX, the name of the server and service must be the same.
  1. Enter the parameters for the CA.
    prompt% vi DC.in
    req_certtype=Server
    req_keytype=RSA
    req_keylength=512
    req_country=US
    req_state=CO
    req_locality=Boulder
    req_organization=Sybase
    req_orgunit=Database
    req_commonname=servicename
    Note: For more information about certreq parameters, see the Adaptive Server Utilities Guide.
  2. Create private key and certificate request files for the service:
    prompt% certreq -F DC.in -R servicename_req.txt \
        -K servicename_pkey.txt -P yourdcpassword
  3. Create a signed public key file, <servicename>.crt, from the <servicename>_req.txt file, using the CA private key file to sign it:
    prompt% certauth -C trusted.txt \
        -Q servicename_req.txt -K CA_pkey.txt \
        -P yourcapassword \
        -T 180 -O servicename.crt

    You see:

    -- Sybase SSL Certificate Authority Utility --
    Certificate Validity:
          startDate = Wed May 28 11:51:53 2008
          endDate = Mon Nov 24 10:51:53 2008
    setting serial number 0xffff940cffff8cb11ab
    Could not sign certificate using signature type 20, error 'No error string returned.' (3000).
    Could not sign certificate using signature type 22, error 'No error string returned.' (3000).
    CA sign certificate SUCCEED using signature type 2, return 'SSLNoErr' (0).
  4. Append the service name private key file to the signed service name public key file:
    prompt% cat servicename_pkey.txt >> servicename.crt
  5. Verify that the private key file is appended and is similar to the following by entering:
    prompt% cat servicename.crt
  6. Copy the trusted.txt file to the <servicename>.txt file:
    prompt% cp trusted.txt servicename.txt
  7. Create and enter an encrypted password to establish an SSL connection:
    prompt% pwdcrypt

    Enter the password that is to be encrypted.

    Note: The password is not displayed as you type. This is yourcapassword.
    Enter password again:
    The encrypted password:
    0x018c2e0ea8cfc44513e8ff06f3a1b20825288d0ae1ce79268d0e8669313d1bc4c70c
  8. Insert the encrypted password into a file:
    prompt% vi servicename.pwd
  9. Copy the trusted.txt file to the srvname.txt file:
    prompt% cp trusted.txt srvname.txt
  10. Verify that all of these files are present:
    prompt% ls
    CA.in
    CA_pkey.txt
    CA_req.txt
    servicename.crt
    servicename.pwd
    servicename.txt
    servicename_pkey.txt
    servicename_req.txt
    srvname.txt
    trusted.txt
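
The checks in steps 5 and 10 can be scripted. The shell function below is an added example, not part of the original Sybase procedure. It assumes the certificate and key files are PEM-style text; the name check_service_files, the 2048-bit floor for req_keylength, and the owner-only permission rule are this example's own choices.

```shell
#!/bin/sh
# Added example, not Sybase code. Assumes PEM-style text files.
MIN_BITS=2048   # this example's floor for req_keylength, an assumption

check_service_files() {   # hypothetical helper: <directory> <servicename>
    dir=$1 svc=$2 rc=0
    crt="$dir/$svc.crt"

    # Step 10: the service-specific files and trusted.txt must exist.
    for f in "$svc.crt" "$svc.pwd" "$svc.txt" "${svc}_pkey.txt" \
             "${svc}_req.txt" trusted.txt; do
        [ -f "$dir/$f" ] || { echo "MISSING: $f"; rc=1; }
    done

    # Step 5: the certificate block comes first, the private key after it.
    if [ -f "$crt" ]; then
        c=$(grep -n -e '-----BEGIN CERTIFICATE-----' "$crt" | head -1 | cut -d: -f1)
        k=$(grep -n -e '-----BEGIN .*PRIVATE KEY-----' "$crt" | head -1 | cut -d: -f1)
        if [ -z "$c" ] || [ -z "$k" ] || [ "$k" -le "$c" ]; then
            echo "BAD ORDER: $svc.crt needs certificate, then private key"; rc=1
        fi
    fi

    # Key and password files: no group or other permission bits.
    for f in "$svc.crt" "$svc.pwd" "${svc}_pkey.txt" CA_pkey.txt; do
        [ -f "$dir/$f" ] || continue
        perms=$(ls -ld "$dir/$f" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "LOOSE PERMS: $f"; rc=1; }
    done

    # Step 1: flag a short RSA key length in the certreq input file.
    if [ -f "$dir/DC.in" ]; then
        bits=$(sed -n 's/^[[:space:]]*req_keylength=\([0-9][0-9]*\).*/\1/p' "$dir/DC.in" | head -1)
        if [ -n "$bits" ] && [ "$bits" -lt "$MIN_BITS" ]; then
            echo "WEAK KEY: req_keylength=$bits"; rc=1
        fi
    fi
    return $rc
}

# Run against a real directory when called with two arguments.
if [ $# -eq 2 ]; then check_service_files "$1" "$2"; fi
```

Run against the DC.in shown in step 1, the function reports req_keylength=512 as a weak key.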