Obtaining a server certificate

The System Security Officer installs signed server certificates and private keys in the server. You can get a server certificate by:

To obtain a certificate, you must request one from a CA. If you request a certificate from a third party and that certificate is in PKCS #12 format, use the certpk12 utility to convert it into a format that Open Client and Open Server understand. See “The certpk12 utility”.

To test the certificate request tool and to verify that the authentication methods are working on your server, Open Client and Open Server provide the certreq and certauth tools. For testing purposes, these tools let you act as a CA and issue a CA-signed certificate to yourself.

The main steps in creating a certificate for use with a server are:

  1. Generate the certificate request.

  2. Generate the public and private key pair.

  3. Securely store the private key.

  4. Send the certificate request to the CA.

  5. After the CA signs and returns the certificate, append the private key to the certificate.

  6. Store the certificate in the server’s installation directory.
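The steps above, walked through as an added example that is not part of the original documentation: OpenSSL stands in for certreq and certauth, and the file names, the CN values and the `KEY_PASS` environment variable are assumptions made for this sketch. It also adds a check worth running before step 6: that the certificate chains to the issuing CA and that the appended private key actually belongs to the certificate.

```shell
#!/bin/sh
# Added example: OpenSSL stands in for certreq/certauth. File names, the CN and
# the KEY_PASS variable are constructed for this sketch. Lab use only.

# build_server_cert DIR CN: writes DIR/server.crt (certificate + encrypted key).
# The key passphrase is read from $KEY_PASS so it never appears in argv.
build_server_cert() (
    dir=$1; cn=$2
    umask 077    # step 3: every file holding key material is owner-only
    # Throwaway test CA (the role certauth plays in the text).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    # Steps 1-3: key pair and certificate request; the key is written encrypted.
    openssl req -new -newkey rsa:2048 -passout env:KEY_PASS -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    # Step 4: the CA signs the request and returns the certificate.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -out "$dir/server.pem" 2>/dev/null &&
    # Step 5: append the private key to the signed certificate.
    cat "$dir/server.pem" "$dir/server.key" > "$dir/server.crt"
)

# check_server_cert FILE CAFILE: run before step 6 (installing the file).
# Returns 0 if OK, 1 = not signed by CAFILE, 2 = key unreadable, 3 = key mismatch.
check_server_cert() {
    file=$1; ca=$2
    # Extract only the certificate block and verify it against the CA.
    openssl x509 -in "$file" 2>/dev/null |
        openssl verify -CAfile "$ca" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) || return 1
    # Decrypt the appended key and derive its public half.
    key_pub=$(openssl pkey -in "$file" -passin env:KEY_PASS -pubout 2>/dev/null) \
        || return 2
    # The certificate must carry exactly the public key of the appended key.
    [ "$cert_pub" = "$key_pub" ] || return 3
}

# Demo run in a scratch directory with a constructed passphrase.
work=$(mktemp -d)
KEY_PASS=${KEY_PASS:-constructed-lab-passphrase}; export KEY_PASS
build_server_cert "$work" lab-server.example &&
    check_server_cert "$work/server.crt" "$work/ca.crt" &&
    echo "server.crt: chain and key match OK"
```

A non-zero return from `check_server_cert` identifies which part failed, so a mismatched key (for example, one appended from a different request) is caught before the file reaches the server's installation directory.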