Configuring SSL Connection Between Replication Agent and UDB

Configure UDB to accept SSL connections from Replication Agent.

  1. Create a key database file and set up a self-signed CA certificate for UDB by using the IBM GSK8 library available in the IBM SDK.
    Note: For more information on using the IBM GSK8 library, refer to the IBM documentation.
    This example demonstrates how to create a key database file and set up a self-signed CA certificate for testing purposes:
    1. Delete the existing key database file and create a new key database file called keydb.kdb and a stash file called keydb.sth by running:
      gsk8capicmd -keydb -delete -db "c:\cert\keydb.kdb" -pw "secret123"
      gsk8capicmd -keydb -create -db "c:\cert\keydb.kdb" -pw "secret123" -stash
    2. Create a self-signed certificate with the label selfsigned by running:
      gsk8capicmd.exe -cert -create -db "c:\cert\keydb.kdb" -pw "secret123" -label "selfsigned" -dn "CN=sybase.com"
    3. Extract the certificate to a file called keydb.arm by running:
      gsk8capicmd.exe -cert -extract -db "c:\cert\keydb.kdb" -pw "secret123" -label "selfsigned" -target "c:\cert\keydb.arm" -format ascii -fips
  2. Ensure that Replication Agent uses SSL to connect to UDB by running:
    ra_config pds_use_ssl, true
  3. Append the contents of the keydb.arm file to the trusted.txt file.
    By default, the trusted.txt file is available in the $SYBASE/RAX-15_5/config directory.
    If the trusted.txt file does not exist, either:
    • Create a new trusted.txt file in the $SYBASE/RAX-15_5/config directory.
    • Specify a different location of the trusted.txt file by using the ssl_certificates_filename parameter.
  4. Start UDB and restart Replication Agent for UDB.
  5. Test the Replication Agent connection for the primary data server by running:
    test_connection pds
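
One way to carry out step 3 from a shell, shown as an added example that is not part of the original documentation. It assumes keydb.arm is Base64-armored with BEGIN/END CERTIFICATE marker lines, as -format ascii is expected to produce; the function name append_trusted_cert is hypothetical.

```shell
#!/bin/sh
# Added example: append an extracted certificate to trusted.txt, refusing
# anything that is not exactly one certificate and skipping duplicates.
# Assumption: the .arm file uses "-----BEGIN CERTIFICATE-----" armor.

append_trusted_cert() {
    arm_file=$1
    trusted_file=$2

    [ -r "$arm_file" ] || { echo "cannot read $arm_file" >&2; return 1; }

    # Only the public certificate belongs in the trust file.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$arm_file"; then
        echo "$arm_file contains private key material; refusing" >&2
        return 1
    fi

    # Expect exactly one certificate block.
    begin=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$arm_file" || true)
    end=$(grep -c -e '^-----END CERTIFICATE-----' "$arm_file" || true)
    if [ "$begin" -ne 1 ] || [ "$end" -ne 1 ]; then
        echo "$arm_file does not hold exactly one certificate" >&2
        return 1
    fi

    # Strip Windows line endings (the file was extracted under c:\cert)
    # and keep only the armored block.
    body=$(tr -d '\r' < "$arm_file" |
        sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p')

    # Compare with line breaks removed so a re-run does not add a duplicate.
    flat=$(printf '%s\n' "$body" | tr -d '\n')
    if [ -f "$trusted_file" ] &&
        tr -d '\r\n' < "$trusted_file" | grep -qF -e "$flat"; then
        echo "certificate already present in $trusted_file"
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$trusted_file" ] && [ -n "$(tail -c 1 "$trusted_file")" ]; then
        printf '\n' >> "$trusted_file"
    fi
    printf '%s\n' "$body" >> "$trusted_file"
    echo "appended certificate to $trusted_file"
}

# Usage (paths as in the steps above):
# append_trusted_cert /path/to/keydb.arm "$SYBASE/RAX-15_5/config/trusted.txt"
```

Copy keydb.arm from the UDB host to the Replication Agent host before running the function, then continue with step 4.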