Create SSL entries in the Replication Server directory service, such as the interfaces file or an LDAP server. The directory service defines the server address and port numbers, and determines the security protocols that are enforced for client connections.
Replication Server implements the SSL protocol as a filter that is
appended to master and query lines in the directory service.
- Verify that all attempts to connect to a master or query entry in a directory service with an SSL filter support the SSL protocol.
For example, suppose a primary Replication Server (SYBSRV1) and a replicate Replication Server (SYBSRV2) use the Transmission Control Protocol (TCP) and the SSL protocol for communication.
Entries in the interfaces file might look like this:
SYBSRV1
query tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001 ssl
SYBSRV2
query tcp myserver sybasehost2 4001 ssl
master tcp myserver sybasehost2 4001 ssl
- You can also configure Replication Server to accept SSL connections and, at the same time, have other connections that accept clear text or use security mechanisms such as DCE and Kerberos.
To support both SSL and other connection protocols, you must use multiple interfaces files.
For example, a typical interfaces file entry that supports TCP with both SSL and clear text connections looks like this:
SYBSRV1
query tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001
- The interfaces file master line entries allow SYBSRV1 to listen for both SSL and clear text connections. To make sure that SYBSRV1 sends queries to SYBSRV2 using SSL, there must be a single query entry in the interfaces file for SYBSRV1.
To allow SYBSRV1 to send queries to other servers using a different protocol, use a separate interfaces file.
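
A small audit for the layout described above, as an added example that is not part of the original documentation: it parses interfaces file text and reports any server that does not have exactly one query entry, or that has a master or query line without the ssl filter. The function names and the sample text are constructed for illustration, and an LDAP directory service is not covered.

```python
# Constructed sample built from the entries shown above (not a real deployment).
SAMPLE = """\
SYBSRV1
query tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001 ssl
master tcp myserver sybasehost1 5001
SYBSRV2
query tcp myserver sybasehost2 4001 ssl
master tcp myserver sybasehost2 4001 ssl
"""

def parse_interfaces(text):
    """Return {server: [(kind, host, port, filters), ...]} from interfaces text."""
    servers, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] in ("query", "master"):
            # Service line: kind, protocol, network name, host, port, then filters.
            if current is None or len(fields) < 5 or not fields[4].isdigit():
                raise ValueError(f"line {lineno}: malformed service line: {raw!r}")
            kind, _proto, _net, host, port, *filters = fields
            servers[current].append((kind, host, int(port), [f.lower() for f in filters]))
        else:
            current = fields[0]  # a server name starts a new entry
            servers.setdefault(current, [])
    return servers

def audit(servers):
    """List (server, message) findings where SSL is not enforced."""
    findings = []
    for name, entries in servers.items():
        queries = [e for e in entries if e[0] == "query"]
        if len(queries) != 1:
            findings.append((name, f"{len(queries)} query entries, expected exactly 1"))
        for kind, host, port, filters in entries:
            if "ssl" not in filters:
                findings.append((name, f"clear-text {kind} entry {host}:{port}"))
    return findings

if __name__ == "__main__":
    for server, message in audit(parse_interfaces(SAMPLE)):
        print(f"{server}: {message}")
```

Run it against each interfaces file separately, since a file kept deliberately for clear text connections is expected to produce findings.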