Turning on SSL Server Authentication

A description of how to turn on SSL Server authentication after installation.

To turn on server authentication:

  1. Enable SSL data encryption for Sybase CEP Engine, as described in "Enabling SSL Support".
  2. Import the proper server certificates into the Sybase SSL server's Certificate Database.

    The Certificate Database is located in the secure subdirectory of the server directory of your Sybase CEP Engine installation. Use the following command from your shell or MS-DOS prompt:

    certutil -A -n 
nickname-of-your-certificate
   -t "u,u,u" 
   -d 
certificate-directory
 -i 
certificate-filename
  3. Import the CA certificate into Sybase CEP Studio's certificate database, if you haven't done so already.

    Use the same command as in the previous step, but specify Sybase CEP Studio's secure directory instead of Sybase CEP Server's.

    The Sybase CEP Studio secure directory is located in the SybaseC8Repository. For example, on Microsoft Windows, the default location of the secure directory is:

    C:\Documents And Settings\
user-name
\My Documents\
   SybaseC8Repository\
version
\secure

    where user-name is the user name under which Sybase CEP Engine is installed and version is the version of Sybase CEP Engine (for example, 5.2.0).

    To specify a different secure directory for Sybase CEP Studio, add the following preference to the studio-preferences.xml file in the SybaseC8Repository:

    <preference name="SybaseC8/General/NSSFolder">
directory
   
</preference>
    where 
    
directory
    is the secure directory you want to use.
  4. Set the following preferences in the c8-server.conf file:
    1. Set the value of "ServerAuthenticate" preference, in the "SSL" section, to true.
    2. Add the nickname of your certificate to the configuration file, by setting the value of "ServerCertificate" in the "SSL" section to your Sybase CEP Server certificate's nickname.
    3. Make sure that the hostname of the "ManagerURI" exactly matches the SSL server certificate's Common Name (CN).

      The CN is the name of the machine or server identified by your certificate.

    4. Make sure that the "Hostname" value in the "Server/Common" section exactly matches the Server Certificate's Common Name.
  5. In the SSL client's preferences file, set the value for the "ServerAuthenticate" preference to true.

    If you are using Sybase CEP Studio Sybase CEP Studio, this configuration file is called studio-preferences.xml and is located in the SybaseC8Repository. Add the following line to this file:

    <preference name="SybaseC8/Security/SSL/ServerAuthenticate"
    value="true"/>
Parent topic: Enabling SSL Support