SSL connection support  Mutual authentication

Chapter 15: Building .NET Clients for EAServer

Server authentication

If only server authentication is required, the EAServer client must provide authentication to the server to prove that the client can be trusted before it can connect to the server. By default, EAServer 6.x uses 2001 as the port for this type of SSL connection.

The EAServer host’s certificate file must be imported into the Microsoft certificate store on the client’s computer. You can do this using the Certificate snap-in in the Microsoft Management Console (MMC).

StepsTo import an EAServer certificate into the client computer’s certificate store:

  1. Select Run from the Windows Start menu, type mmc in the Run dialog box, and click OK to open the Microsoft Management Console.

    Picture shows the opening screen of the Microsoft Management Console.

  2. Select File>Add/Remove Snap-in to open the Add/Remove Snap-in dialog box.

    Picture shows the Add and Remove Snap In dialog box. The stand alone tab is displayed.

  3. Click Add to open the Add Standalone Snap-in dialog box.

  4. Select Certificates from the Snap-in list and click Add to open the Certificates Snap-in dialog box.

    Picture shows the Add Stand Alone Snap In dialog box. Certificates is the item selected in the Available Stand Alone Snap Ins list box.

  5. Select the Computer account radio button, click Next, click Finished, and close the Add Standalone Snap-in and Add/Remove Snap-in dialog boxes.

    A Certificates node displays in the MMC.

  6. Expand the Certificates node in the MMC, right-click Personal, select All Tasks, and then select Import.

    Picture shows the Microsoft Management Console with the Personal folder selected under the Certificates node in the left pane of the console. The All Tasks menu item is selected in the pop up top level menu, and Import is the menu item selected in the cascaded menu that displays when All Tasks is selected.

    The Certificate Import Wizard opens.

  7. Follow the instructions in the Certificate Import Wizard to import the certificate.

    The wizard prompts you to provide a certificate file. For server authentication, this is the certificate file that is configured as the certificate for EAServer on port 2001 or any other port that is specified for use in server-only authentication SSL mode. You may already have such a file from configuring EAServer for SSL connections, or, if you have access rights to the built-in Java keystore on the EAServer host, you can export the required certificate from the keystore.

    For more information about exporting a certificate, see the EAServer documentation.

    NotePrivate key not required The server’s certificate file need not include its private key.

Connection code

In the PowerScript connection code, change the EAServer host’s address to a URL that begins with “iiops” and ends with the correct SSL port. All other code is the same as if the client was connecting to a server without using SSL.

The following sample code connects with EAServer using an SSL connection:

Connection myconnect
int rc

myconnect = create Connection
myconnect.Application = "pbtest"
myconnect.Driver = "jaguar"
myconnect.UserID = "admin@system"
myconnect.Password = "abc"
myconnect.Location = "iiops://mydesktop:2001"

rc = myconnect.connecttoserver( )



Copyright © 2010. Sybase Inc. All rights reserved. Mutual authentication

View this document as PDF