You can use the signed certificates for server-authentication by following these steps:
Supply a copy of the public root certificate to all clients. When the client first contacts the Sybase IQ server, the server sends the client a copy of its own public certificate. This certificate bears the signature of the root certificate. The client can detect fake certificates by verifying that the root signature matches the public key in their copy of the root certificate.
Tell each client that it is to trust only servers whose certificates bear the signature of the root certificate. For Sybase IQ clients, use the trusted_certificates security parameter. For example, you can tell a Sybase IQ client to trust only the ent_cert.crt certificate by including a parameter in the address clause of the synchronization subscription.
To tell a client to trust only the desired certificate, name
the trusted certificate using the –r
option
at the command line when running the generator.
When you start each Sybase IQ server, specify the name of that server's certificate file and the corresponding password. Enter each command on one line.
start_asiq -c "dsn=Adaptive Server IQ Demo;uid=DBA;pwd=SQL" –x tcpip ( port=3333; security=rsa_tls ( certificate=serv1.crt; certificate_password=password3 ) ) start_asiq -c "dsn=Adaptive Server IQ Demo;uid=DBA;pwd=SQL" –x tcpip ( port=4444; security=rsa_tls ( certificate=serv2.crt; certificate_password=password4 ) )