Obtaining server-authentication certificates

Sybase IQ transport-layer security is based on Certicom SSL/TLS Plus libraries, which require elliptic-curve or RSA certificates. You can obtain a global certificate from any certificate authority that can supply certificates in the correct format. Two such companies are VeriSign and Entrust Technologies.

For more information, see http://www.verisign.com/ or http://www.entrust.com/certificate_services/index.htm.

There are several ways to obtain certificates. One way is to use the Certicom reqtool utility, which is installed when you install the security component. This tool creates a server certificate and a global certificate request. Copy the contents of the public certificate onto your clipboard, and paste them into the form on the Web site of the certificate-issuing authority. Only submit the public component of the certificate request. You must not disclose your private key.

For more information about this procedure, see the document reqtool.pdf, located in the win32 subdirectory of your SQL Anywhere 9 installation. It is installed when you install the security component.

Example

The following example creates an elliptic-curve certificate:

> reqtool -- Certicom Corp. Certificate Request Tool 3.0d1 -- Choose certificate request type:   E - Personal email certificate request.   S - Server certificate request.   Q - Quit. Please enter your request [Q] : S Choose key type:   R - RSA key pair.   D - DSA key pair.   E - ECC key pair.   Q - Quit. Please enter your request [Q] : E Using curve ec163a02. Generating key pair (please wait)... Country: CA State: Ontario Locality: Waterloo Organization: Sybase, Inc. Organizational Unit: IAS Common Name: MobiLink Enter password to protect private key : password5 Enter file path to save request : global.req Enter file path to save private key : global.pri

The file global.req contains the public certificate and request information. Paste the contents of this file into the form on the certificate-issuing Web site.

The file global.pri contains the private key for the enterprise certificate. This file is protected by the password you entered, but since the protection provided by the password is weak, you must store this file in a secure location.