Adds, deletes, or displays a list of server certificates for Adaptive Server.
sp_ssladmin [addcert, certificate_path [, password | NULL]]
sp_ssladmin [dropcert, certificate_path]
sp_ssladmin [lscert]
sp_ssladmin [help]
adds a certificate for the local server in the certificates file.
specifies the absolute path to the certificates file on the local server.
the password that is used to encrypt the private key when adding a new server certificate to the certificates file.
used to require an attended atart-up of Adaptive Server by requesting the password during start-up from the command line.
deletes the certficate from the certificate file.
lists the certificates in the certificate file.
displays online help for sp_ssladmin.
This adds an entry for the local server, Server1.crt, in the certificates file in the absolute path to /sybase/ASE-12_5/certificates (x:\sybase\ASE-12_5\certificates on Windows). The private key is encrypted with the password “mypassword”. The password should be the one specified when you created the private key:
sp_ssladmin addcert, "/sybase/ASE-12_5/certificates/Server1.crt", "mypassword"
Deletes the certificate, Server1.crt from the certificates file located in /sybase/ASE-12_5/certificates (x:\sybase\ASE-12_5\certificates on Windows):
sp_ssladmin dropcert , "/sybase/ASE-12_5/certificates/Server1.crt"
Lists of all server certificates on the local server:
sp_ssladmin lscert go
certificate_path ---------------------------------------- /sybase/ASE-12_5/certificates/Server1.crt
The Adaptive Server listener must present to the client a certificate. The common name in the certificate must match the common name used by the client in the interfaces file. If they do not match, the server authentication and login fail.
When NULL is specified as the password, dataserver must be started with a -y flag. This flag prompts the administrator for the private-key password at the command line.
The use of NULL as the password is intended to protect passwords during the intitial configuration of SSL, before the SSL encrypted session begins.
After restarting Adaptive Server with an SSL connection established, use sp_ssladmin again, this time using the actual password. The password is then encrypted and stored by Adaptive Server. Any subsequent starts of Adaptive Server from the command line would use the encrypted password; you do not have to specify the password on the command line during start up.
You can specify “localhost” as the hostname in the interfaces file (sql.ini on Windows) to prevent clients from connecting remotely. Only a local connection can be established, and the password is never transmitted over a network connection.
You must have the System Security Officer role to use sp_ssladmin.
