Example to set up connectivity

The following example provides all the steps required to set up connectivity to the isql client.

To copy the certificate and the trusted roots file

1. Add the following to the path of the environment variable (%SYBASE%\SYBASE.bat):

   %SYBASE%\OCS-12_5\lib3p
   

2. Set the environment by running the following from a command window:

   %SYBASE%\SYBASE.bat 
   

3. Enter the following to go to the certreq directory:

   cd %SYBASE%\OCS-12_5\bin
   

4. Execute the setsslreq utility, one time only, on Windows to set SSL registry key information for Open Server.

5. Execute the following command to begin the certification process:

   D:\ecda_126\OCS-12_5\bin>certreq
   

6. Choose the certificate request type from the following:

   S - Server certificate request.
   C - Client certificate request.
   Q - Quit.
   

   Enter S.

7. Choose the key type from the following:

   R - RSA key pair.
   D - DSA with ephemeral Diffie-Hellman key exchange.
   Q - Quit.
   

   Enter R.

8. Enter the information in each of the following fields as it appears:

   Key length (512,768,1024 for DSA; 512-2048 for RSA) : 512
   Country: US
   State: California
   Locality: Dublin
   Organization: Sybase
   Organizational Unit: ecda
   Common Name: dcossl (Must be the same name as the DCO server)
   

9. A key pair is being generated which takes a period of time. When completed, enter the information in the following fields as it appears:

   Password for private key (max 64 chars): sybase
   File path to save request: ca_req.txt
   File path to save private key: ca_pkey.txt
   

10. Enter the following:

    D:\ecda_126\OCS-12_5\bin>certauth -r -C ca_req.txt 
    -Qca_req.txt -Kca_pkey.txt -O trusted.txt -P sybase
    

11. The following appears:

    -- Sybase Test Certificate Authority certauth/12.5.2/EBF 11798/P/NT(IX86)/OS 4.0/ase1252 /1831/32-bit/OPT/Fri Apr 09 04:35:35 2004 --
    Certificate Validity:
    startDate = Mon Feb 07 15:18:00 2005
    endDate = Tue Feb 07 15:18:00 2006
    CA sign certificate SUCCEED (0)
    

12. Enter the following to go to the certreq directory:

    D:\ecda_126\OCS-12_5\bin>certreq
    

13. Choose the certificate request type from the following:

    S - Server certificate request.
    C - Client certificate request.
    Q - Quit.
    

    Enter S.

14. Choose the key type from the following:

    R - RSA key pair.
    D - DSA with ephemeral Diffie-Hellman key exchange.
    Q - Quit.
    

    Enter R.

15. Enter the information in each of the following fields as it appears:

    Key length (512,768,1024 for DSA; 512-2048 for RSA) : 512
    Country: US
    State: California
    Locality: Dublin
    Organization: Sybase
    Organizational Unit: ecda
    Common Name: dcossl (Must be the same name as the DCO server)
    

16. A key pair is being generated which takes a period of time. When completed, enter the information in the following fields as it appears:

    Password for private key (max 64 chars): sybase
    
    File path to save request: dcossl_req.txt (Must begin with the same name as the DCO server)
    
    File path to save private key: dcossl_pkey.txt 
    (Must begin with the same name as the DCO server)
    

17. Enter the following:

    D:\ecda_126\OCS-12_5\bin>certauth -Ctrusted.txt -Qdcossl_req.txt -Kca_pkey.txt -Odcossl.crt -Psybase
    

18. The following appears:

    -- Sybase Test Certificate Authority certauth/12.5.2/EBF 11798/P/NT(IX86)/OS 4.0/ase1252 /1831/32-bit/OPT/Fri Apr 09 04:35:35 2004 --
    Certificate Validity:
    startDate = Mon Feb 07 15:18:00 2005
    endDate = Tue Feb 07 15:18:00 2006
    CA sign certificate SUCCEED (0)
    

19. Copy the certificate created to the directory specified in the DCO server configuration file by entering the following: (This directory is created and determined by the DCO administrator.)

    D:\ecda_126\OCS-12_5\bin>copy dcossl.crt d:\ecda_126\DCO-12_5\certificates
    

20. Copy the trusted roots file to the directory specified by the DCO server configuration file. If the isql client is in a different location, the trusted.txt file created by the steps above, can be concatenated to the trusted.txt file contained in the ini or config directory. Enter the following:

    D:\ecda_126\OCS-12_5\bin>type trusted.txt >> d:\ecda_126\ini\trusted.txt
    

21. Alter the sql.ini or interfaces file and append the master and query entries for the DCO server with the ssl filter tag.

    [dcossl]
    

    master=NLWNSCK,winserver,12700,ssl
    query=NLWNSCK,winserver,12700,ssl
    

22. Edit the DirectConnect for Oracle configuration file as described in “Enabling SSL”.