You need digital certificates to set up transport-layer security. You can obtain certificates from a certificate authority, or you can create them using SQL Anywhere functionality.
You can use the SQL Anywhere Certificate Creation utility, createcert, to generate X.509 certificate files using RSA or ECC. See Certificate Creation utility (createcert).
You can use the SQL Anywhere Certificate Viewer utility, viewcert, to read X.509 certificates using RSA or ECC. See Certificate Viewer utility (viewcert).
You can follow the same process to create certificate files for server authentication. In each case, you create an identity file and a certificate file.
For server authentication, you create a server identity file and a certificate file to distribute to clients.
The certificate can be self-signed or signed by a commercial or enterprise Certificate Authority.
Self-signed certificates Self-signed server certificates can be used for simple setups. See Self-signed root certificates.
Enterprise root certificates An enterprise root certificate can be used to sign server certificates to improve data integrity and extensibility for multi-server deployments.
See Certificate chains.
Commercial Certificate Authorities You can use a third-party Certificate Authority instead of an enterprise root certificate. Commercial Certificate Authorities have dedicated facilities to store private keys and create high-quality server certificates.
Self-signed root certificates
Certificate chains
Globally-signed certificates
Discuss this page in DocCommentXchange. Send feedback about this page using email. |
Copyright © 2009, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.1 |