Configuring the SSL Certificate

Ensure the security of encrypted SSL communication between Sybase Control Center and browser clients by installing an X.509 certificate.

When you start Sybase Control Center for the first time, it generates a self-signed X.509 Secure Sockets Layer (SSL) certificate for the host that it is running on. Because self-signed certificates are not issued by a trusted certificate authority, most browsers show an error when they try to connect to Sybase Control Center using the self-signed certificate.

You can override the browser error or add a security exception. It is generally safe to accept the self-signed certificate if you know that the server is on a protected machine. However, your browser may still display a certificate error.

To eliminate certificate errors, install a permanent SSL certificate from a certificate authority. Sybase recommends that you install a certificate signed by a certificate authority before using Sybase Control Center in your production network. Obtain a certificate for each machine on which a Sybase Control Center server is installed.

The following is an overview of purchasing and installing an SSL certificate from a certificate authority. For full details, see http://docs.codehaus.org/display/JETTY/How+to+configure+SSL.

  1. To obtain an SSL certificate from a known certificate authority (such as VeriSign, Inc. or Thawte, Inc.), generate a certificate signing request (CSR) and send it to the certificate authority. Use one of these commands to generate the CSR:

    Windows:

    keytool -certreq -alias jetty -keystore 
    %SYBASE%\SCC-3_2\services\EmbeddedWebContainer\keystore 
    -file scc_jetty.csr
    
    UNIX:
    keytool -certreq -alias jetty -keystore 
    $SYBASE/SCC-3_2/services/EmbeddedWebContainer/keystore 
    -file scc_jetty.csr
    
    Note: The keytool utility resides in the Sybase JRE installation directory:

    Windows: %SYBASE_JRE7%\bin\keytool

    UNIX: $SYBASE_JRE7/bin/keytool

  2. Follow the instructions provided by the certificate authority to import the signed certificate into the Sybase Control Center keystore and, if necessary, to install the certificate authority’s trusted certificate in the “truststore,” cacerts. Typically, the command to import the signed certificate is:

    Windows:

    keytool -keystore %SYBASE%\SCC-3_2\services\EmbeddedWebContainer\keystore 
    -import -alias jetty -file scc_jetty.crt -trustcacerts 
    UNIX:
    keytool -keystore $SYBASE/SCC-3_2/services/EmbeddedWebContainer/keystore 
    -import -alias jetty -file scc_jetty.crt -trustcacerts 

    The initial keystore password is changeit.