Using a global certificate as a server certificate

You can use your global certificate directly as a Sybase IQ server certificate. To do so, you must create a server identity certificate by concatenating the public and private certificates. Open a command prompt and run the following command line:

copy global.crt+global.pri global2.crt

You can now start a Sybase IQ server, specifying the new certificate and the password for your private certificate. Open a command prompt and run the following command line:

start_asig -c "dsn=Adaptive Server IQ Demo;uid=DBA;pwd=SQL" -x tcpip ( security=rsa_tls( certificate=global2.crt; certificate_password=password5 ) )

You can hide the contents of the command line using the File Hiding utility, dbfhide. For more information, see the Adaptive Server Anywhere Database Administration Guide.

You must also ensure that clients contacting your Sybase IQ server trust the certificate. To do so, you must tell the clients to trust the root certificate in the chain. In this case, the root certificate in the chain is a certificate held by the certificate authority.

By default, clients trust certificates signed by the Sybase root certificate used to sign the sample certificate included with Sybase IQ.

For better security, however, you should ensure that clients consider only the root certificate of your certificate authority to be valid.

To tell a client to trust only the XXX root certificate, name the trusted certificate using the –r option at the command line when running the generator.