The SQL Anywhere web server supports HTTPS connections using SSL version 3.0 and TLS version 1.0.
To set up transport-layer security for SQL Anywhere web services, perform the following steps:
Obtain digital certificates You need server certificate files and identity files. Certificates (which can be Certificate Authority certificates) are distributed to browsers or web clients. Server identity files are stored securely with your SQL Anywhere web server.
For general information about creating digital certificates, including information about using Certificate Authorities, see Creating digital certificates.
Start the web server with transport-layer security Use the -xs database server option to specify HTTPS, the server identity file, and the password to protect the private key.
Following is the syntax of a partial dbsrv11 command line.
-xs protocol( [ fips={ y | n }; ] identity=server-identity-filename; identity_password=password;... ) ...
protocol can be https, or https with fips=y for FIPS-approved RSA encryption. FIPS-approved HTTPS uses a separate approved library, but is compatible with HTTPS.
The Mozilla Firefox browser can connect when FIPS-approved HTTPS is used. However, the cipher suite used by FIPS-approved HTTPS is not supported by most versions of the Internet Explorer, Opera, or Safari browsers—if you are using FIPS-approved HTTPS, these browsers may not be able to connect.
For information about enforcing the FIPS-approved algorithm, see -fips server option.
server-identity-filename The path and file name of the server identity. For HTTPS, you must use an RSA certificate.
password The password for the server private key. You specify this password when you create the server certificate.
For more information about the -xs server option, see -xs server option.
For more information about the identity and identity_password parameters, see:
Configure web clients Configure browsers or other web clients to trust certificates. The trusted certificate can be self-signed, an enterprise root, or a Certificate Authority certificate.
For general information about creating digital certificates, including information about using Certificate Authorities, see Creating digital certificates.
Send feedback about this page via email or DocCommentXchange | Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0 |