The list of known and trusted CAs is maintained in the trusted roots file. The trusted roots file is similar in format to a certificate file, except that it contains certificates for CAs known to the entity (client applications, servers, network resources, and so on). The System Security Officer adds and deletes CAs using a standard ASCII-text editor.
The trusted roots file for Open Client and Open Server is as follows:
For UNIX – $SYBASE/config/trusted.txt
For Windows – %SYBASE%\ini\trusted.txt
Currently, the recognized CAs are Thawte, Entrust, Baltimore, VeriSign and RSA.
By default, Adaptive Server stores its own trusted roots file in:
UNIX – $SYBASE/$SYBASE_ASE/certificates/servername.txt
Windows – %SYBASE%\%SYBASE_ASE%\certificates\servername.txt
Both Open Client and Open Server allow you to specify an alternate location for the trusted roots file:
Open Client:
ct_con_props (connection, CS_SET, CS_PROP_SSL_CA, “$SYBASE/config/trusted.txt”, CS_NULLTERM, NULL);
where $SYBASE is the installation directory. CS_PROP_SSL_CA can be set at the context level using ct_config, or at the connection level using ct_con_props.
Open Server:
srv_props (context, CS_SET, SRV_S_CERT_AUTH, “$SYBASE/config/trusted.txt”, CS_NULLTERM, NULL);
where $SYBASE is the installation directory.
bcp and isql utilities also allow you to specify an alternative location for the trusted roots file.The parameter -x is included in the syntax, allowing you to specify an alternative location for the trusted.txt file.
