trusted_certificates

Specify a file containing a list of trusted root certificates used for secure synchronization.

Separately licensed component required

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

See Separately licensed components.

Syntax

trusted_certificates=filename

When synchronization occurs through a Certicom TLS synchronization stream, the MobiLink server sends its certificate to the client, and the certificate of the entity that signed it, and so on up to a self-signed root.

The client checks that the chain is valid and that it trusts the root certificate in the chain. This feature allows you to specify which root certificates to trust.

For UltraLite clients, trusted roots can be provided to ulinit and ulload when creating the database. If the trusted_certificates parameter is provided, the trusted certificates found in the file replace those stored in the database.

For Windows and Windows Mobile, if no trusted certificates are specified, the client loads the certificates from the operating system's trusted certificate store. This certificate store is used by web browsers when they connect to secure web servers via HTTPS.

For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.

For information about how to set network protocol options with UltraLite, see Network protocol options for UltraLite synchronization streams.

Example

The following example sets up RSA encryption for an HTTPS protocol. This requires setup on the server and client. Each command must be written on one line.

The server implementation is:

mlsrv12 
   -c "dsn=SQL Anywhere 12 Demo;uid=DBA;pwd=sql" 
   -x https(
     port=9999;
     identity=c:\sa12\bin32\rsaserver.id;
     identity_password=test)

On a SQL Anywhere client, the implementation is:

dbmlsync 
   -c "dsn=mydb;uid=DBA;pwd=sql" 
   -e "ctp=https;
       adr='port=9999;
         trusted_certificates=c:\sa12\bin32\rsaroot.crt;
         certificate_name=RSA Server'"

On an UltraLite client, the implementation is:

    info.stream = "https";
    info.stream_parms = TEXT(
      "port=9999;
       trusted_certificates=\rsaroot.crt;
       certificate_name=RSA Server");

Discuss this page in DocCommentXchange.