About transport-layer security

Transport-layer security uses encryption to protect the confidentiality and integrity of the synchronization data stream as it passes between a client and the Sybase IQ server. This feature is important whenever this communication must travel over a public or wireless network. Under such circumstances, someone with a suitable radio or network connection could otherwise intercept your data.

Furthermore, transport-layer security allows a client application to verify the identity of a Sybase IQ server. Hence, client applications can ensure that they synchronize only with Sybase IQ servers they trust.

This security is implemented by means of digital certificates. You can achieve a variety of security objectives using different types of certificates and configuring them in different ways. This section introduces the concepts that underlie public-key cryptography and explains how they apply to digital certificates. Examples illustrate several typical arrangements, each offering different benefits.

Sybase IQ transport-layer security is implemented using Certicom encryption technology. This public-key cryptographic technology uses an RSA cipher suite. When transport-layer security is invoked, all messages sent between the client and server are encrypted using a 128-bit cipher.

Invoking transport-layer security

To invoke the server authentication features, you create and use digital certificates. Different types of certificates and different arrangements of these certificates allow you to provide various levels of security. You create the certificates using tools included with Sybase IQ.

Example

The following steps show how to use a certificate with HTTPS synchronization.

  1. Obtain an RSA server certificate file. For example, obtain a file called server_cert.crt with password pwd.

  2. Obtain a public RSA certificate file. For example, obtain a file called client_cert.crt.

  3. On the start_asiq command line, include the following:

    -x https(certificate=server_cert.crt;certificate_password=pwd)

    Instead of exposing the password in the command line, you can use the dbfhide utility. For more information on the File Hiding utility, see the Adaptive Server Anywhere Database Administration Guide.

  4. In the synchronization user or the synchronization subscription, use the following type and address:

    ... TYPE https ADDRESS "trusted_certificates=client_cert.crt"
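As an added example (not part of the Sybase IQ documentation), the following Python audit covers the two configuration points above: it parses the -x https(...) listener option and the ADDRESS string in the key=value;key=value form shown, reports a certificate_password exposed on the command line (step 3, where the page recommends dbfhide instead) and a missing trusted_certificates (step 4, without which the client cannot verify the server). Function names are assumptions.

```python
import re
import shlex

# Listener option syntax used on this page: -x https(key=value;key=value)
_LISTENER_RE = re.compile(r"^(?P<proto>[A-Za-z]+)\((?P<params>.*)\)$")


def parse_params(params):
    """Parse 'key=value;key=value' (the syntax inside https(...) and in ADDRESS strings)."""
    result = {}
    for item in params.split(";"):
        if not item.strip():
            continue
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError("malformed parameter: %r" % item)
        result[key.strip().lower()] = value.strip()
    return result


def parse_listener(option):
    """Split 'https(...)' into (protocol, parameter dict)."""
    match = _LISTENER_RE.match(option.strip())
    if not match:
        raise ValueError("not a listener option: %r" % option)
    return match.group("proto").lower(), parse_params(match.group("params"))


def audit_server_cmdline(cmdline):
    """Findings for a start_asiq command line as it would appear in a process listing."""
    findings = []
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv):
        if arg != "-x" or i + 1 >= len(argv):
            continue
        proto, params = parse_listener(argv[i + 1])
        if proto != "https":
            findings.append("listener %s does not use transport-layer security" % proto)
            continue
        if "certificate" not in params:
            findings.append("https listener has no certificate= parameter")
        if "certificate_password" in params:
            findings.append("certificate_password is visible on the command line; "
                            "move the options into a file protected with dbfhide")
    return findings


def audit_sync_address(sync_type, address):
    """Findings for the TYPE/ADDRESS pair of a synchronization user or subscription."""
    if sync_type.lower() != "https":
        return ["TYPE %s: synchronization stream is not encrypted" % sync_type]
    if "trusted_certificates" not in parse_params(address):
        return ["no trusted_certificates= in ADDRESS: server identity is not verified"]
    return []
```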