Configuring SQL Anywhere clients to use transport-layer security

This section shows you how to configure SQL Anywhere clients to use transport-layer security over HTTPS or TCP/IP.

Using transport-layer security over TCP/IP and HTTPS

MobiLink transport-layer security is an inherent feature of the MobiLink HTTPS and TCP/IP protocols. To use transport-layer security over HTTPS, specify the trusted_certificates connection parameter using the ADR extended option. The following is the syntax for a partial dbmlsync command line:

-e "ctp=protocol;
   adr=[ fips={ y | n }; ]
   trusted_certificates=public-certificate;
   ..."

  • protocol   The protocol to use. It can be https or tls. The tls protocol is TCP/IP using transport-layer security.

  • fips   Indicates whether to use FIPS. FIPS can only be used with RSA encryption. FIPS-approved HTTPS uses separate FIPS 140-2 certified software from Certicom, but is compatible with version 9.0.2 or later MobiLink servers using HTTPS.

  • public-certificate   The path and file name of a trusted certificate.

    For HTTPS or FIPS-approved HTTPS, you must use certificates created using RSA encryption.

Examples

The following example specifies RSA security over HTTPS. The command must be written on a single line:

dbmlsync -c "eng=rem1;uid=dba;pwd=mypwd"
  -e "ctp=https;
      adr='trusted_certificates=c:\temp\public_cert.crt;
      certificate_company=Sybase, Inc.;
      certificate_unit=IAS;
      certificate_name=MobiLink'"

Alternatively, you can specify the CommunicationAddress extended option using the CREATE SYNCHRONIZATION SUBSCRIPTION or ALTER SYNCHRONIZATION SUBSCRIPTION statement. This method provides the same information, but stores it in the database.

CREATE SYNCHRONIZATION SUBSCRIPTION 
 TO pub1 
 FOR user1 
 ADDRESS 'trusted_certificates=c:\temp\public_cert.crt;
    certificate_company=Sybase, Inc.;
    certificate_unit=IAS;
    certificate_name=MobiLink';

The following example specifies RSA security over TCP/IP. The command must be written on a single line:

dbmlsync -c "eng=rem1;uid=myuid;pwd=mypwd"
   -e "ctp=tls;
       adr='port=3333;
           tls_type=rsa;
           trusted_certificates=c:\test\public_cert.crt;
           certificate_company=Sybase, Inc.;
           certificate_unit=IAS;
           certificate_name=MobiLink'"

Alternatively, you can specify the CommunicationAddress extended option using the CREATE SYNCHRONIZATION SUBSCRIPTION or ALTER SYNCHRONIZATION SUBSCRIPTION statement:

CREATE SYNCHRONIZATION SUBSCRIPTION 
 TO pub1 
 FOR user1 
 ADDRESS 'port=3333;
    tls_type=rsa;
    trusted_certificates=public_cert.crt;
    certificate_company=Sybase, Inc.;
    certificate_unit=IAS;
    certificate_name=MobiLink';
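
The rules this section states for the -e extended options (ctp is https or tls, a trusted certificate is given, FIPS only with RSA, RSA certificates for HTTPS, everything on one line) can be checked before a client configuration is rolled out. The following Python sketch is an added example, not part of SQL Anywhere or its documentation; the function names are hypothetical, and it assumes tls_type is rsa when omitted.

```python
# Added example: lint a wrapped dbmlsync -e option string against this page's rules.
ALLOWED_CTP = {"https", "tls"}  # the two protocol values the page lists for ctp

def to_one_line(wrapped):
    """Join a wrapped option string into the single line dbmlsync needs."""
    return "".join(line.strip() for line in wrapped.splitlines())

def split_options(text):
    """Split 'k=v;k=v' on semicolons that are outside single quotes."""
    opts, buf, quoted = {}, "", False
    for ch in text + ";":
        if ch == "'":
            quoted = not quoted
        if ch == ";" and not quoted:
            key, sep, value = buf.strip().partition("=")
            if sep:
                opts[key.strip().lower()] = value.strip().strip("'")
            buf = ""
        else:
            buf += ch
    return opts

def lint(wrapped):
    """Return (one_line, findings) for a wrapped -e option string."""
    line = to_one_line(wrapped)
    top = split_options(line)
    adr = split_options(top.get("adr", ""))  # adr holds its own k=v list
    findings = []
    ctp = top.get("ctp", "").lower()
    if ctp not in ALLOWED_CTP:
        findings.append("ctp must be https or tls")
    if not adr.get("trusted_certificates"):
        findings.append("trusted_certificates is missing")
    tls_type = adr.get("tls_type", "rsa").lower()  # assumption: rsa when omitted
    if adr.get("fips", "n").lower() == "y" and tls_type != "rsa":
        findings.append("fips=y can only be used with RSA")
    if ctp == "https" and tls_type != "rsa":
        findings.append("HTTPS requires RSA certificates")
    return line, findings

# Constructed sample, modelled on the page's TCP/IP example.
SAMPLE = r"""ctp=tls;
    adr='port=3333;tls_type=rsa;
        trusted_certificates=c:\test\public_cert.crt;
        certificate_company=Sybase, Inc.;
        certificate_unit=IAS;certificate_name=MobiLink'"""
```

Calling lint(SAMPLE) returns the collapsed single-line string to pass to -e together with an empty findings list; a non-empty list names each rule the string breaks.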