certauth

Description

Converts a server certificate request to a CA- (certificate authority) signed certificate. Located in $SYBASE/ASE-12_5/bin.

In Windows NT, the utility is certauth.exe, and is located in %SYBASE%\ASE-12_5\bin.

Syntax

certauth
[-r]
[-C caCert_file]
[-Q request_filename]
[-K caKey_filename]
[-O SignedCert_filename]
[-P caPassword]
[-T valid_time]

certauth -v

Parameters

-r: when specified, creates a self-signed root certificate for the test environment.

-C caCert_file: specifies the name of the CA’s certificate request file when -r is specified, or specifies the name of the CA’s root certificate.

-Q request_filename: specifies the name of certificate request file.

-K caKey_filename: specifies the name of the CA’s private key.

-O SignedCert_filename: specifies the name to use for the output when creating a signed certificate file. If -r is specified, SignedCert_filename is the self-signed root certificate. If -r option is not used, SignedCert_filename is the certificate signed by the caCert_file.

-P caPassword: specifies the CA’s password that is used to decrypt its private key.

-T valid_time: specifies the valid time range for a signed certificate. The valid time range is in units of days.

-v: prints the version number and copyright message of the certauth tool, then exits.

Examples

Example 1

This example converts the CA’s certificate request (ca_req.txt) to a certificate, using the private key (ca_pkey.txt). The private key is protected using password. This example sets the valid time range to 365 days, self-signs the certificate, and outputs it as a root certificate (trusted.txt):

certauth -r -C ca_req.txt -Q ca_req.txt
	-K ca_pkey.txt -P password -T 365 -O trusted.txt

The utility returns this message:

 -- Sybase Test Certificate Authority --
Certificate Validity:
    startDate = Tue Sep 5  10:34:43  2000
endDate = Wed Sep 5  10:34:43  2001
CA sign certificate SUCCEED (0)

You need to create a trusted root certificate for the test CA only once. After you have created the trusted root certificate, you can use it to sign many server certificates in your test environment.

Example 2

This example converts a server certificate request (srv5_req.txt) to a certificate, and sets the valid time range to 180 days. It signs the certificate with a CA’s certificate and private key (trusted.txt and ca_pkey.txt), uses password protection, and outputs the signed certificate as sybase_srv5.crt:

certauth -C trusted.txt -Q srv5_req.txt 
-K ca_pkey.txt -P password -T 180 -O sybase_srv5.crt

If you do not set valid time, the default is 365 days.

The utility returns this message:

 -- Sybase Test Certificate Authority --
Certificate Validity:
    startDate = Tue Sep  5 10:38:32  2000
endDate = Sun Mar  4 09:38:32  2001
CA sign certificate SUCCEED (0)

Below is a sample certificate. See the Usage section below for additional steps to take to create a server certificate that the server can use.

Usage

To create a server certificate file that Adaptive Server understands, append the certificate requestor’s private key to the end of the signed certificate file. Using example 2 above, you would cut and paste srv5_pkey.txt to the end of the signed certificate file, sybase_srv5.crt.
To create a trusted roots file that the server can load upon start-up, rename trusted.txt to sybase_srv5.txt where sybase_srv5.txt is the common name of the server.
Then copy the sybase_srv5.txt file into the Adaptive Server installation directory, for example, $SYBASE/$SYBASE_ASE/certificates.

The file, which is required for an SSL-based session, is used to start the SSL-enabled Adaptive Server.

After the CA’s root certificate is created, you can use it to sign multiple server certificates.