Sybase IQ includes tools for working with certificates. A utility named gencert lets you generate new certificates. Since certificates are normally written in a machine-readable format, another utility, named readcert, displays the contents of a certificate in human-readable format.
You can make a number of types of certificates with the gencert utility. The easiest type to make is a self-signed (root) certificate, as no other signing certificate is required.
The main advantage of a setup with only one root certificate is simplicity; you need create only one certificate. This setup is often sufficient for simple setups involving only one Sybase IQ server. If you operate multiple IQ servers, an enterprise level certificate, discussed later, is often more convenient.
The biggest disadvantage is that a self-signed certificate is easier than other types to forge. This type of attack can be accomplished by creating a counterfeit certificate using a different key pair. Other types of certificates are more secure because they bear more than one digital signature.
