Configuring SSL Support

You can configure Sybase CEP Engine to use Secure Socket Layer (SSL) communications to protect sensitive data. Describes several features that you can include as part of the Sybase CEP Engine SSL configuration.

Features include:

1. Data encryption: Data passed between the Sybase client applications (such as Sybase CEP Studio) and Sybase CEP Server are encrypted.
2. SSL server authentication: The SSL client requests that the SSL server identify itself.
3. SSL client authentication: The SSL server requests that the SSL client identify itself.
4. Use of non-default communication protocols: By default, the most secure protocol is automatically negotiated on each connection.

   However, you can restrict the protocols negotiated to only SSL2, SSL3 or TLS, or to any combination of these.

5. Use of non-default encryption protocols: You can change the default protocol settings.

Secure and insecure services cannot run together. You can choose to either enable or disable SSL on all active Sybase CEP Servers in your installation.

If you are using SSL with High Availability features, enable SSL and list an https: URI for all Sybase CEP Servers that are running Manager processes (as listed in the c8-manager-cluster.xml file). See "Configuring Managers for Manager or Container High Availability" for more information about setting up High Availability features for Manager processes.

• Enabling SSL Support
  This section explains how to turn on SSL support.
• Disabling SSL Support
  A discription of how to disable SSL Support with the Sybase CEP configuration file.
• Revoking an SSL Certificate
  Describes how to revoke a Sybase SSL certificate. In some situations, specific SSL certificates may need to be revoked for security or administrative reasons.