This section shows you how to configure SQL Anywhere clients to use transport-layer security over HTTPS or TCP/IP.
MobiLink transport-layer security is an inherent feature of the MobiLink HTTPS and TCP/IP protocols. To use transport-layer security over HTTPS, specify the trusted_certificates connection parameter using the ADR extended option. Following is the syntax for a partial dbmlsync command line.
-e "ctp=protocol; adr=[ fips={ y | n }; ] trusted_certificates=public-certificate; ..."
protocol The protocol to use. It can be https or tls. The tls protocol is TCP/IP using transport-layer security.
fips Indicates whether or not to use FIPS. FIPS can only be used with RSA encryption. FIPS-approved HTTPS uses separate FIPS 140-2 certified software from Certicom, but is compatible with version 9.0.2 or later MobiLink servers using HTTPS.
public-certificate The path and file name of a trusted certificate.
For HTTPS or FIPS-approved HTTPS, you must use certificates created using RSA encryption.
The following example specifies RSA security over HTTPS. It must all be written on one line:
dbmlsync -c "eng=rem1;uid=dba;pwd=mypwd" -e "ctp=https; adr='trusted_certificates=c:\temp\public_cert.crt; certificate_company=Sybase, Inc.; certificate_unit=IAS; certificate_name=MobiLink'" |
Alternatively, you can specify the CommunicationAddress extended option using the CREATE SYNCHRONIZATION SUBSCRIPTION or ALTER SYNCHRONIZATION SUBSCRIPTION statement. This method provides the same information, but stores it in the database.
CREATE SYNCHRONIZATION SUBSCRIPTION TO pub1 FOR user1 ADDRESS 'trusted_certificates=c:\temp\public_cert.crt; certificate_company=Sybase, Inc.; certificate_unit=IAS; certificate_name=MobiLink'; |
The following example specifies RSA security and TCP/IP. It must all be written on one line:
dbmlsync -c "eng=rem1;uid=myuid;pwd=mypwd" -e "ctp=tls; adr='port=3333; tls_type=rsa; trusted_certificates=c:\test\public_cert.crt; certificate_company=Sybase, Inc.; certificate_unit=IAS; certificate_name=MobiLink'" |
Alternatively, you can specify the CommunicationAddress extended option using the CREATE SYNCHRONIZATION SUBSCRIPTION or ALTER SYNCHRONIZATION SUBSCRIPTION statement:
CREATE SYNCHRONIZATION SUBSCRIPTION TO pub1 FOR user1 ADDRESS 'port=3333; tls_type=rsa;trusted_certificates=public_cert.crt; certificate_company=Sybase, Inc.; certificate_unit=IAS; certificate_name=MobiLink'; |
Send feedback about this page via email or DocCommentXchange | Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0 |