Setting Up Connectivity

Copy the certificate and trusted roots files to connect to the isql client.

The example to set up connectivity uses the certreq and certauth utilities packaged with connectivity to create certificate and trusted roots files. Use these utilities only for testing; do not use them to replace authentic certificates in production environment. By default, the utilities are in C:\<install_dir>\DCO-15_0\bin. You must substitute the name of your DirectConnect server for the name "dcossl."
Note: In the example, the values of the "Organizational Unit" that occurs twice, must be different. If equal, you will not be able to connect and an error message will be created that will not identify the problem.
  1. To the path of the environment variable, add:
    C:\<install_dir>\OCS-15_0\lib3p
  2. From the command window, set the environment:
     C:\<install_dir>\DCO-15_0\DCO_SYBASE.bat
  3. Change to the certreq directory:
    cd C:\<install_dir>\DCO-15_0\bin
  4. On Windows, set the SSL registry key for Open Server by executing the setsslreq utility once.
  5. Begin the certification process:
    C:\<install_dir>\DCO-15_0\bin>certreq
  6. Choose the certificate request type:
    S - Server certificate request.
C - Client certificate request.
Q - Quit.

    Enter S.

  7. Choose the key type:
    R - RSA key pair.
D - DSA with ephemeral Diffie-Hellman key exchange.
Q - Quit.

    Enter R.

  8. Enter the information in each of these fields:
    Key length (512,768,1024 for DSA; 512-2048 for RSA) : 512
Country: US
State: California
Locality: Dublin
Organization: Sybase
Organizational Unit: ecda
Common Name: dcossl (Must be the same name as the DCO server)
  9. At this point, a key pair is generated, which takes a period of time. When completed, enter the information in these fields:
    Password for private key (max 64 chars): sybase
File path to save request: ca_req.txt
File path to save private key: ca_pkey.txt
  10. Enter:
    C:\<install_dir>\DCO-15_0\bin>certauth -r -C ca_req.txt -Qca_req.txt -Kca_pkey.txt -O trusted.txt -P sybase
    You see:
    -- Sybase Test Certificate Authority certauth/15.0/EBF 11798/P/NT(IX86)/OS 4.0/ase1252 /1831/32-bit/OPT/Fri Apr 09 04:35:35 2004 --
Certificate Validity:
startDate = Mon Feb 07 15:18:00 2005
endDate = Tue Feb 07 15:18:00 2006
CA sign certificate SUCCEED (0)
  11. Change to the certreq directory:
    C:\<install_dir>\DCO-15_0\bin>certreq
  12. Choose the certificate request:
    S - Server certificate request.
C - Client certificate request.
Q - Quit.

    Enter S.

  13. Choose the key type:
    R - RSA key pair.
D - DSA with ephemeral Diffie-Hellman key exchange.
Q - Quit.

    Enter R.

  14. Enter the information in each of these fields:
    Key length (512,768,1024 for DSA; 512-2048 for RSA) : 512
Country: US
State: California
Locality: Dublin
Organization: Sybase
Organizational Unit: ecda
Common Name: dcossl (Must be the same name as the DCO server)
  15. At this point, a key pair is generated, which takes a period of time. When completed, enter the information in these fields:
    Password for private key (max 64 chars): sybase

File path to save request: dcossl_req.txt (Must begin with the same name as the DCO server)

File path to save private key: dcossl_pkey.txt 
(Must begin with the same name as the DCO server)
  16. Enter:
    C:\<install_dir>\DCO-15_0\bin>certauth -Ctrusted.txt -Qdcossl_req.txt -Kca_pkey.txt -Odcossl.crt 
-Psybase
    You see:
    -- Sybase Test Certificate Authority certauth/15/EBF 11798/P/NT(IX86)/OS 4.0/ase1252 /1831/32-bit/OPT/Fri Apr 09 04:35:35 2004 --
Certificate Validity:
startDate = Mon Feb 07 15:18:00 2005
endDate = Tue Feb 07 15:18:00 2006
CA sign certificate SUCCEED (0)
  17. Append the DCO service private key to the certificate file. Enter:
    C:\<install_dir>\DCO-15_0\bin>cat dcossl_pkey.txt >> dcossl.crt
  18. Copy the certificate created to the directory specified in the DirectConnect server configuration file: (This directory is created and determined by the ECDA Option for Oracle administrator.)
    C:\<install_dir>\DCO-15_0\bin>copy dcossl.crt 
C:\<install_dir>\DCO-15_0\certificates
  19. Copy the trusted roots file to the directory specified by the DirectConnect server configuration file. If the isql client is in a different location, you can concatenate the trusted.txt file created above to the trusted.txt file in the ini or config directory. Enter:
    C:\<install_dir>\DCO-15_0\bin>type trusted.txt >> 
C:\<install_dir>\DCO-15_0\bin\trusted.txt
  20. Alter the sql.ini or interfaces file and append the master and query entries for the DirectConnect server with the ssl filter tag.
    [dcossl]
    master=NLWNSCK,winserver,12700,ssl
query=NLWNSCK,winserver,12700,ssl
  21. Edit the ECDA Option for Oracle configuration file.
Parent topic: Secure Sockets Layer
Related tasks
Enabling SSL