SSL, and its successor Transport Layer Security (TLS), provides a lightweight, easy-to-administer security mechanism that authenticates the peers and encrypts traffic with a negotiated set of cryptographic algorithms. It is intended for use on those database connections and routes where increased security is required.
SSL uses certificates issued by certificate authorities (CAs) to establish and verify identities. A certificate is like an electronic passport: it binds an identity to a public key and contains the information necessary to identify the entity, the public key of the certified entity, and the signature of the issuing CA.
This document provides instructions for setting up SSL on Replication Server. See documentation from your third-party SSL security mechanism for instructions for using that software. See also the Internet Engineering Task Force (IETF) Web site for additional information.
An SSL installation requires these items:
Certificate authority – a trusted entity that verifies identities and signs certificates. Each CA has its own verification policies for issuing certificates.
Certificate – an electronic document that identifies a server, a user, an organization, or other entity. A certificate contains the public key of the certified entity and a signature of the issuing CA.
Filter – a special network driver that filters information delivered to and from a port.
Identity file – concatenates a certificate and the certificate’s private key. Because it holds the private key, the identity file must be readable only by the account that runs the server.
Trusted roots file – contains a list of CA certificates. Open Client/Server accepts a peer’s certificate only if it was issued by a CA listed in the trusted roots file.
CipherSuites – a set of cryptographic algorithms for authenticating a client and server, transmitting certificates, encrypting data, and establishing session keys.
The SSL protocol runs above TCP/IP and below application protocols such as HTTP or TDS. Before the SSL connection is established, the server and client exchange a series of messages over several I/O round trips to agree on a CipherSuite, present and verify certificates against the trusted roots file, and establish the session keys for an encrypted session. This process is called the SSL handshake.
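The following shell script is an added example, not part of the Replication Server documentation or product. It shows how the identity file and trusted roots file described above are assembled with the OpenSSL command-line tool (assumed to be installed), checks that the private key in the identity file really belongs to the certificate, restricts the file’s permissions, and demonstrates that a certificate is accepted only when its issuing CA is listed in the trusted roots file. All file names, CA names, and the server name are illustrative.

```shell
#!/bin/sh
# Added example (not from the Replication Server docs): build an identity file
# and a trusted roots file with OpenSSL and check them the way an administrator
# would before pointing the server at them.
# Assumes the openssl command-line tool is installed. Names are illustrative.
set -eu

# make_ca DIR NAME: create a self-signed CA key and certificate
# (DIR/NAME.key, DIR/NAME.crt). Short lifetime because this is a demo.
make_ca() {
    dir=$1; name=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# make_identity DIR CANAME SERVER: create the server key and CSR, sign the CSR
# with the CA, then build the identity file: certificate followed by its
# private key, both PEM, readable only by the owner.
make_identity() {
    dir=$1; ca=$2; server=$3
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$server" \
        -keyout "$dir/$server.key" -out "$dir/$server.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$dir/$server.csr" \
        -CA "$dir/$ca.crt" -CAkey "$dir/$ca.key" -CAcreateserial \
        -out "$dir/$server.crt" 2>/dev/null
    cat "$dir/$server.crt" "$dir/$server.key" > "$dir/$server.identity.pem"
    chmod 600 "$dir/$server.identity.pem"
}

# identity_key_matches FILE: returns 0 if the private key in the identity file
# belongs to the certificate in it (compares the public key derived from each).
identity_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$1" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# accepted_by_roots ROOTS CERT: returns 0 if CERT chains to a CA certificate
# listed in ROOTS, non-zero otherwise (this is the trusted roots file check).
accepted_by_roots() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: two CAs, one identity signed by the first; the certificate must be
# accepted with the issuing CA in the roots file and rejected without it.
# Prints the working directory on success.
demo() {
    work=$(mktemp -d)
    make_ca "$work" corp-ca
    make_ca "$work" other-ca
    make_identity "$work" corp-ca repserver
    identity_key_matches "$work/repserver.identity.pem" || return 1

    # trusted roots file listing only the issuing CA: accepted
    cat "$work/corp-ca.crt" > "$work/trusted_roots.txt"
    accepted_by_roots "$work/trusted_roots.txt" "$work/repserver.crt" || return 1

    # trusted roots file listing a different CA: rejected
    cat "$work/other-ca.crt" > "$work/wrong_roots.txt"
    if accepted_by_roots "$work/wrong_roots.txt" "$work/repserver.crt"; then
        return 1
    fi
    echo "$work"
}
```

Run demo to exercise the whole procedure; it prints the directory holding the generated identity file and the two trusted roots files. The order inside the identity file (certificate first, then key) follows the description above; the key-match check catches the common mistake of pairing a renewed certificate with an old key.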