trusted_certificate

Specify a file containing a list of trusted root certificates used for secure synchronization.

Note

Separately licensed component required.

ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.

See Separately licensed components.

Syntax

trusted_certificate=filename

When synchronization occurs through a TLS synchronization stream, the MobiLink server sends its certificate to the client, and the certificate of the entity that signed it, and so on up to a self-signed root.

The client checks that the chain is valid and that it trusts the root certificate in the chain. This feature allows you to specify which root certificates to trust.

Certificates are used according to the following rules of precedence:

For UltraLite clients, if certificates were set in the database by ulinit or ulload, then those certificates are used.
If the trusted_certificate parameter is provided, then the certificates from the specified file are used, replacing any trusted certificates that were stored in the database using ulinit or ulload.
If certificates are not specified by either the trusted_certificate parameter or by ulinit or ulload and you are on Windows, Windows Mobile, or Android, certificates are read from the operating system's trusted certificate store. This certificate store is used by web browsers when they connect to secure web servers via HTTPS.

For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.

For information about how to set network protocol options with UltraLite, see Network protocol options for UltraLite synchronization streams.

Example

The following example sets up RSA encryption for an HTTPS protocol. This requires setup on the server and client. Each command must be written on one line.

The server implementation is:

mlsrv12 
   -c "DSN=SQL Anywhere 12 Demo;UID=DBA;PWD=sql" 
   -x https(
     identity=c:\%SQLANY12%\bin32\rsaserver.id;
     identity_password=test)

On a SQL Anywhere client, the implementation is:

dbmlsync 
   -c "DSN=mydb;UID=DBA;PWD=sql" 
   -e "ctp=https;
       adr='trusted_certificate=c:\%SQLANY12%\bin32\rsaroot.crt;
          certificate_name=RSA Server"
          certificate_company=test;
          certificate_unit=test'"

On an UltraLite client, the implementation is:

info.stream = "https";
    info.stream_parms = 
       "trusted_certificate=\%SQLANY12%\bin32\rsaroot.crt;"
       "certificate_name=RSA Server;"
       "certificate_company=test;"
       "certificate_unit=test";

Discuss this page in DocCommentXchange.