Invoking transport-layer security

You can use transport-layer security when using the TCP/IP, HTTP, or HTTPS communication protocols. For TCP/IP, HTTP and HTTPS you must use RSA encryption.

Steps: Using transport-layer security

To invoke transport-layer security, you must first set it up for the client, storing the settings in the publication, subscription, or Sybase IQ user.

  1. Create digital certificates to invoke server authentication features.

    Use utilities supplied with Sybase IQ to create public certificates that are distributed to client applications and server certificates that are stored securely with database servers. Different types of certificates and different arrangements of these certificates allow you to provide various levels of security.

  2. Start the Sybase IQ server with transport-layer security.

    Use the -ec startup switch on the start_asiq command line to specify the type of security, the server certificate, and the password to protect the private key. Sybase IQ transport-layer security is available only over TCP/IP and on Solaris, Linux, or any supported Windows platform except Windows CE. For syntax, see Chapter 1, “Running the Database Server” in the Sybase IQ Utility Guide.

  3. Configure client applications to use transport-layer security.

    Specify the path and file name of trusted public certificates using the Encryption connection parameter [ENC]. For details, see “Encryption connection parameter [ENC]”.

The Certicom security software built into Sybase IQ uses certificates for the purpose of server identification. Sample certificates are provided with Sybase IQ for RSA encryption. The sample RSA certificate is called rsaserver.crt and the password is test.

WARNING! The sample certificates should be used for testing purposes only. The sample certificates provide no security in deployed situations because they and their corresponding passwords are widely distributed with Sybase software. To protect your system, you must create your own certificate.
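The following pre-deployment check is an added example, not code from Sybase: it inspects a start_asiq argument list and reports whether the -ec switch is missing or still points at the sample certificate rsaserver.crt or its password test. The rsa_tls(...) value syntax, the password parameter name, and the database, file, and server names in the constructed command lines are assumptions; the Sybase IQ Utility Guide has the authoritative syntax.

```shell
#!/bin/sh
# Added example, not Sybase code. audit_ec inspects a start_asiq argument
# list and prints one verdict (it always returns 0):
#   missing  no -ec switch, so transport-layer security was not requested
#   sample   -ec names the shipped sample certificate or its password
#   ok       -ec is present and neither sample value was found
audit_ec() {
    found=0
    ec_value=""
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-ec" ]; then
            found=1
            ec_value="${2-}"          # the switch value is the next argument
            if [ "$#" -gt 1 ]; then shift; fi
        fi
        shift
    done
    if [ "$found" -eq 0 ] || [ -z "$ec_value" ]; then
        echo missing
        return 0
    fi
    # File names are compared case-insensitively (Windows ignores case).
    lc=$(printf '%s' "$ec_value" | tr '[:upper:]' '[:lower:]')
    case "$lc" in
        # Sample certificate, bare or at the end of a Unix/Windows path.
        *=rsaserver.crt*|*/rsaserver.crt*|*\\rsaserver.crt*)
            echo sample; return 0 ;;
    esac
    case "$ec_value" in
        # Sample password "test". ASSUMPTION: the password appears as
        # ...password=test inside the -ec value.
        *"password=test;"*|*"password=test)"*)
            echo sample; return 0 ;;
    esac
    echo ok
}

# Constructed command lines. The rsa_tls(...) syntax, file names and
# passwords below are assumptions made for this example.
audit_ec -n iqdemo -x tcpip iqdemo.db
audit_ec -n iqdemo -ec 'rsa_tls(certificate=rsaserver.crt;certificate_password=test)' iqdemo.db
audit_ec -n iqdemo -ec 'rsa_tls(certificate=/secure/site.crt;certificate_password=Xq7-constructed)' iqdemo.db
```

The three sample calls print missing, sample, and ok in that order.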

Confirming proper startup

If Certicom security starts properly, informational messages confirm this. If no such messages appear, Certicom security has not started properly.