Setting up SSL in Sybase products  Setting up SSL in IBM z/OS

Appendix D: Setting Up Secure Sockets Layer Protocol

Setting up SSL in ASE and Open Client

Follow these procedures to configure and enable ASE and Open Client with SSL.

StepsTo set up SSL in ASE

  1. Obtain an ASE license for the SSL feature, either ASE_ASM or ASE_SECDIRS (SySAM).

  2. Obtain a certificate for the server (plus any CA).

    Use the Sybase-provided utilities certreq and certauth to respectively generate and sign server certificates or CA (self-signed) certificates.

  3. Install the server certificate with the private key appended. The default location and naming scheme for the server certificate is $SYBASE/$SYBASE_ASE/certificates/<server>.crt.

    NoteThe <server> name must match the server name from the interfaces file, as well as the CommonName from the server certificate.

  4. Install CA certificates for the server at this location: $SYBASE/$SYBASE_ASE/certificates/<server>.txt.

  5. Use the sp_ssladmin addcert command to let the server know about the certificate location.

  6. To enable SSL in the server, issue this statement:

    sp_configure "enable ssl", 1

  7. Modify directory services so that listening ports use SSL by adding the keyword ssl to the appropriate interfaces file entries.

StepsTo set up SSL in Open Client

  1. Install client copies of CA certificates. You must concatenate your <server>.txt file to the trusted.text file, or simply create a new trusted.text file with the <server>.txt contents.

    Client default locations are:

    • For UNIX: $SYBASE/config/trusted.txt

    • For Windows: %sybase%\ini\trusted.txt

  2. Enable SSL on the port in Directory Servers, for example, the interfaces file.




Copyright © 2007. Sybase Inc. All rights reserved. Setting up SSL in IBM z/OS

View this document as PDF