The
first step in setting up an enterprise-level system is to generate
the common self-signed certificate. To generate this root certificate,
start gencert with the –r
option.
>gencert -r Certificate Generation Tool Choose certificate type ((R)SA or (E)CC): E Generating key pair... Country: CA State/Province: Ontario Locality: Waterloo Organization: Sybase, Inc. Organizational Unit: IAS Common Name: MobiLink Serial Number: 2003.07.29.02 Certificate valid for how many years: 2 Enter password to protect private key: password2 Enter file path to save certificate: ent_root.crt Enter file path to save private key: ent_root.pri Enter file path to save server identity: ent_serv.crt
The utility creates three files, which in this example are called ent_root.crt, ent_root.pri, and ent_serv.crt.
ent_root.crt This file contains the new certificate. This certificate should be published as all clients require a reliable copy.
ent_root.pri This file contains the private key that matches the public key encoded in the certificate.
ent_serv.crt This file contains the same information as the above two files, combined. It is intended for use with a Sybase IQ server.
You can use the first two of the three files to sign additional,
new certificates. To generate a signed certificate, start gencert
with the –s
option.
Type the name of the signing certificate file, the name of the signing
private-key file, and the password for the signing private key.
>gencert -s Certificate Generation Tool Choose certificate type ((R)SA or (E)CC): E Generating key pair... Country: CA State/Province: Ontario Locality: Waterloo Organization: Sybase, Inc. Organizational Unit: IAS Common Name: MobiLink Serial Number: 2003.07.29.03 Certificate valid for how many years: 1 Enter file path of signer's certificate: ent_root.crt Enter file path of signer's private key: ent_root.pri Enter password for signer's private key: password2 Enter password to protect private key: password3 Enter file path to save server identity: serv1.crt
This time, gencert creates only one file. This file contains the signed certificate and the private key. It is intended for use with a Sybase IQ server.
Repeat this last step as many times as necessary to create a signed certificate for each Sybase IQ server.
>gencert -s Certificate Generation Tool Choose certificate type ((R)SA or (E)CC): E Generating key pair... Country: CA State/Province: Ontario Locality: Waterloo Organization: Sybase, Inc. Organizational Unit: IAS Common Name: MobiLink Serial Number: 2003.07.29.04 Certificate valid for how many years: 2 Enter file path of signer's certificate: ent_root.crt Enter file path of signer's private key: ent_root.pri Enter password for signer's private key: password2 Enter password to protect private key: password4 Enter file path to save server identity: serv2.crt
You now have the following files:
serv1.crt The combined certificate for the first Sybase IQ server.
serv2.crt The combined certificate for the second Sybase IQ server.
You do not need the combined root certificate because no Sybase IQ server uses it directly. Instead, you created a separate certificate for each Sybase IQ server.