Create SSL entries in the Replication Server directory service—such as the
interfaces file
or an LDAP server, which defines the server address and port
numbers, and determines security protocols that are enforced for client
connections.
Replication Server implements the SSL protocol as a filter that is
appended to master and query lines in the directory service.
-
Verify that all attempts to connect to a master or query entry in a directory service with an
SSL filter supports the SSL protocol.
For example, suppose a primary
Replication Server (SYBSRV1) and a replicate Replication Server
(SYBSRV2) use the Transmission Control Protocol (TCP) and the SSL
protocol for communication.
Entries in the interfaces file might look like this:
SYBSRV1
query tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001 ssl
SYBSRV2
query tcp myserver sybasehost2 4001 ssl
master tcp myserver sybasehost2 4001 ssl
-
You can also configure Replication Server to accept SSL connections and, at
the same time, have other connections that accept clear text or use security
mechanisms such as DCE and Kerberos.
To support both SSL and other
connection protocols, you must use multiple interfaces (sql.ini) files.
For example, a typical interfaces (sql.ini) file entry that supports the
Transmission Control Protocol (TCP) and both SSL and clear text connections
looks like this:
SYBSRV1
query tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001
-
The interfaces (sql.ini) file master line entries allow SYBSRV1 to listen for
both SSL and clear text connections. To make sure that SYBSRV1 sends
queries to SYBSRV2 using SSL, there must be a single query entry in the
interfaces (sql.ini) file for SYBSRV1.
To allow SYBSRV1 to send queries to
other servers using a different protocol, use a separate interfaces
(sql.ini) file.