Creating a Certificate Authority

Create RSA certificates to be used as the certificate authority (CA). Unwired Platform does not support ECC certificates.

  1. At a command prompt, change to <UnwiredPlatform_InstallDir>UnwiredPlatform\Servers\SQLAnywhere11\BIN32.
  2. Run:

    createcert -s

    The -s option generates a root certificate.

  3. When prompted, enter 1024 as the RSA key length. For all remaining prompts, enter appropriate values for your deployment; for example:
    <UnwiredPlatform_InstallDir>\UnwiredPlatform\Servers\SQLAnywhere11\BIN32>createcert
SQL Anywhere X.509 Certificate Generator Version 11.0.1.2405
Enter RSA key length (512-16384): 1024
Generating key pair...
Country Code: US
State/Province: CA
Locality: Dublin
Organization: MyCompanyCA
Organizational Unit: PTO
Common Name: MyCompanyCA
Enter file path of signer's certificate:
Certificate will be a self-signed root
Serial number [generate GUID]:<enter>
Generated serial number: 3f52ee68c8604e48b8359e0c0128da5a
Certificate valid for how many years (1-100): 10
Certificate Authority (Y/N) [N]: Y
1.  Digital Signature
2.  Nonrepudiation
3.  Key Encipherment
4.  Data Encipherment
5.  Key Agreement
6.  Certificate Signing
7.  CRL Signing
8.  Encipher Only
9.  Decipher Only
Key Usage [6,7]: <enter>
Enter file path to save certificate: rsa_root.crt
Enter file path to save private key: rsa_key.key
Enter password to protect private key: <MyPwd>
Enter file path to save identity: id.pem
    Note: You must use only an RSA Transport Layer Security (TLS) certificate, and not a certificate generated from ECC TLS or from a third-party source such as openssl, or by using a createcert- produced certificate from another Sybase product installation.
  4. Record your private-key file path and password values, and the certificate and identity file paths. You will need these values again when fulfilling certificate requests for the Web server.
Parent topic: Encrypting Relay Server Connections
Previous topic: Reviewing Relay Server Encryption Considerations
Next topic: Generating a Certificate Request
Related reference
Certificate Creation (createcert) Utility