Contents Index Self-signed certificates Using a self-signed certificate

MobiLink Synchronization User's Guide
  Transport-Layer Security
    Invoking transport-layer security
      Self-signed certificates

Making a new self-signed certificate

To generate a root certificate, start the gencert utility from a command prompt using the -r option. The utility prompts you to enter the identity information, the certificate password and expiry date, and the names of the new certificate files.

In the following procedure, you are prompted for names for the certificate, private key, and server identity files. MobiLink accepts any name and extension for these files. However, Windows only recognizes .crt and .cer extensions as certificate files.

In the following procedure, an RSA certificate is generated. Alternatively, you can generate an elliptic-curve certificate by choosing certificate type ECC.

>gencert -r
Certificate Generation Tool
Choose certificate type ((R)SA or (E)CC): R
Enter key length (512-2048): 2048
Generating key pair...
Country: CA
State/Province: Ontario
Locality: Waterloo
Organization: Sybase, Inc.
Organizational Unit: IAS
Common Name: MobiLink
Serial Number: 2003.07.29.01
Certificate valid for how many years: 2
Enter password to protect private key: password
Enter file path to save certificate: self.crt
Enter file path to save private key: self.pri
Enter file path to save server identity: serv1.crt

The response to each question should be a string, except for the number of years to the expiry date, which must be an integer.

The utility creates three files, which in this example are called self.crt, self.pri, and serv1.crt.

Public key and private key information to create a server identity certificate.

The server certificate contains the information in the public and private certificate files. You can make a server certificate by concatenating a public certificate and the file containing the private key.


Contents Index Self-signed certificates Using a self-signed certificate