To
generate a root certificate, start the gencert utility from a command
prompt using the –r
option.
The utility prompts you to enter the identity information, the certificate
password and expiry date, and the names of the new certificate files.
In the following procedure, you are prompted for names for the certificate, private key, and server identity files. Sybase IQ accepts any name and extension for these files. However, Windows only recognizes .crt and .cer extensions as certificate files.
In the following procedure, an RSA certificate is generated.
>gencert -r Certificate Generation Tool Choose certificate type ((R)SA or (E)CC): R Enter key length (512-2048): 2048 Generating key pair... Country: CA State/Province: Ontario Locality: Waterloo Organization: Sybase, Inc. Organizational Unit: IAS Common Name: MobiLink Serial Number: 2003.07.29.01 Certificate valid for how many years: 2 Enter password to protect private key: password Enter file path to save certificate: self.crt Enter file path to save private key: self.pri Enter file path to save server identity: serv1.crt
The response to each question should be a string, except for the number of years to the expiry date, which must be an integer.
The utility creates three files, which in this example are called self.crt, self.pri, and serv1.crt.
self.crt This file contains the new certificate, including the identity information, public key, expiry date, and signature. You can give out copies of this file to people whom you wish to contact you.
self.pri This file contains the private key that matches the public key encoded in the certificate. The private key is encoded using the password you supplied, providing a modest barrier to others with access to your computer. However, since password encryption is not very secure, you must restrict access to this file to maintain secrecy.
serv1.crt This file contains the same information as the above two files, combined into one file. It is intended for use with a Sybase IQ server. The server sends the public information to identify itself to clients. It requires the private key to decode messages returned by the clients. You must restrict access to this file. It, too, contains a copy of the private key, protected only by the password.
The server certificate contains the information in the public and private certificate files. You can make a server certificate by concatenating a public certificate and the file containing the private key.