Global certificates have one potentially serious flaw. Because the Sybase IQ clients, as configured above, trust all certificates signed by the certificate authority, they may also trust certificates that the same certificate authority has issued to other companies. Without a means to discriminate, your clients might mistake a competitor's Sybase IQ server for your own and accidentally send it sensitive information.
Similar precautions can be required in other scenarios. A company may use an enterprise certificate, but it may still be important to verify with which department a Sybase IQ client is connected.
This problem can be resolved by requiring your clients to test the value of fields in the identity portion of the certificate. Three fields in the certificate can be verified. You can verify any or all of the following three fields:
Organization
Organizational Unit
Common Name
To verify the fields, you supply the acceptable value.