Configuring SSL Connection Between Replication Agent and Microsoft SQL Server

Configure Microsoft SQL Server to accept SSL connections from Replication Agent.

  1. Set up a self-signed CA certificate for Microsoft SQL Server by using the Certificate Creation Tool (makecert.exe) or import a genuine CA-signed certificate.
    Note: For more information on using the Certificate Creation Tool, refer to the Microsoft documentation.
    This example demonstrates how to set up a self-signed CA certificate for testing purposes in the Windows local computer certificate store:
    1. Log in to Windows as Administrator.
    2. Open a command prompt and change to the SDK bin directory.
    3. Run the following command at the command prompt:

      makecert -r -pe -n "CN=sybase.com" -b 01/01/2012 -e 01/01/2020 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

  2. Ensure that Replication Agent uses SSL to connect to Microsoft SQL Server by running:
    ra_config pds_use_ssl, true
  3. Configure the common name (CN) of the server (as specified in the distinguished name (DN) of the server certificate) by running:
    ra_config pds_ssl_sc_cn, common_name

    where common_name is the domain name.

  4. Edit the trusted.txt file and append the contents of the CA root certificate file to the trusted.txt file.
    By default, the trusted.txt file is available in the $SYBASE/RAX-15_5/config directory.
    If the trusted.txt file does not exist, either:
    • Create a new trusted.txt file in the $SYBASE/RAX-15_5/config directory.
    • Specify a different location of the trusted.txt file by using the ssl_certificates_filename parameter.
  5. Start Microsoft SQL Server and restart Replication Agent for Microsoft SQL Server.
  6. Test the Replication Agent connection for the primary data server by running:
    test_connection pds
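
For step 4, one way to append the CA root certificate to trusted.txt without adding a duplicate entry or running two PEM markers together on one line. This is an added example, not part of the original procedure or the product's tooling; it assumes the CA root certificate file and trusted.txt hold PEM-encoded certificates, and the function names are hypothetical.

```python
import base64
import hashlib
import re
from pathlib import Path

# One PEM certificate block; \s* tolerates CRLF from a Windows export.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def _fingerprint(body):
    """SHA-256 of the decoded certificate bytes; rejects non-base64 content."""
    der = base64.b64decode("".join(body.split()), validate=True)
    return hashlib.sha256(der).hexdigest()


def fingerprints(pem_text):
    """Fingerprints of every certificate block found in pem_text."""
    return [_fingerprint(b) for b in PEM_BLOCK.findall(pem_text)]


def append_ca(trusted_path, ca_pem_text):
    """Append CA certificates to the trust file, skipping ones already there.

    Assumes PEM-encoded input. Returns the number of certificates appended.
    """
    bodies = PEM_BLOCK.findall(ca_pem_text)
    if not bodies:
        raise ValueError("no PEM certificate block in the CA file")
    path = Path(trusted_path)
    out = path.read_text() if path.exists() else ""
    known = set(fingerprints(out))
    added = 0
    for body in bodies:
        fp = _fingerprint(body)
        if fp in known:
            continue  # same certificate, even if line endings differ
        if out and not out.endswith("\n"):
            out += "\n"  # keep END and BEGIN markers on separate lines
        compact = "".join(body.split())
        wrapped = "\n".join(compact[i:i + 64] for i in range(0, len(compact), 64))
        out += f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n"
        known.add(fp)
        added += 1
    if added:
        path.write_text(out)
    return added
```

Comparing fingerprints of the decoded bytes rather than the text means a certificate exported with Windows line endings is still recognised as already trusted.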