
MobiLink Synchronization User's Guide
  Transport-Layer Security
    Enterprise root certificates

Creating the certificates


The first step in setting up an enterprise-level system is to generate the common self-signed certificate. To generate this root certificate, start gencert with the -r option.

>gencert -r
Certificate Generation Tool
Choose certificate type ((R)SA or (E)CC): E
Generating key pair...
Country: CA
State/Province: Ontario
Locality: Waterloo
Organization: Sybase, Inc.
Organizational Unit: IAS
Common Name: MobiLink
Serial Number: 2003.07.29.02
Certificate valid for how many years: 2
Enter password to protect private key: password2
Enter file path to save certificate: ent_root.crt
Enter file path to save private key: ent_root.pri
Enter file path to save server identity: ent_serv.crt

The utility creates three files, which in this example are called ent_root.crt, ent_root.pri, and ent_serv.crt.

The first two of these three files can be used to sign additional, new certificates. To generate a signed certificate, start gencert with the -s option. Enter the name of the signing certificate file, the name of the signing private-key file, and the password for the signing private key.

>gencert -s
Certificate Generation Tool
Choose certificate type ((R)SA or (E)CC): E
Generating key pair...
Country: CA
State/Province: Ontario
Locality: Waterloo
Organization: Sybase, Inc.
Organizational Unit: IAS
Common Name: MobiLink
Serial Number: 2003.07.29.03
Certificate valid for how many years: 1
Enter file path of signer's certificate: ent_root.crt
Enter file path of signer's private key: ent_root.pri
Enter password for signer's private key: password2
Enter password to protect private key: password3
Enter file path to save server identity: serv1.crt

This time, gencert creates only one file. This file contains the signed certificate and the private key. It is intended for use with a MobiLink synchronization server.

Repeat this last step as many times as necessary to create a signed certificate for each MobiLink synchronization server.

>gencert -s
Certificate Generation Tool
Choose certificate type ((R)SA or (E)CC): E
Generating key pair...
Country: CA
State/Province: Ontario
Locality: Waterloo
Organization: Sybase, Inc.
Organizational Unit: IAS
Common Name: MobiLink
Serial Number: 2003.07.29.04
Certificate valid for how many years: 2
Enter file path of signer's certificate: ent_root.crt
Enter file path of signer's private key: ent_root.pri
Enter password for signer's private key: password2
Enter password to protect private key: password4
Enter file path to save server identity: serv2.crt

You now have the following files:

You do not need the combined root certificate because no MobiLink synchronization server uses it directly. Instead, you created a separate certificate for each MobiLink synchronization server.
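
The same hierarchy (one enterprise root, one signed identity file per server) built with OpenSSL rather than gencert, followed by a check that each identity file chains to the root. This is an added example, not part of the original guide or of gencert. Assumptions: OpenSSL 1.1.1 or later is on the PATH; the passwords, serial numbers, the server Common Names serv1 and serv2, and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not gencert): the page's root + per-server hierarchy in OpenSSL.
# Assumes openssl 1.1.1+; ROOT_PW and SERV_PW are exported by the caller.
SUBJ="/C=CA/ST=Ontario/L=Waterloo/O=Sybase, Inc./OU=IAS"

# Role of "gencert -r": encrypted EC key plus self-signed root, valid 2 years.
make_root() {  # make_root DIR
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -aes-256-cbc -pass env:ROOT_PW -out "$1/ent_root.pri" 2>/dev/null &&
    openssl req -x509 -new -key "$1/ent_root.pri" -passin env:ROOT_PW \
        -days 730 -subj "$SUBJ/CN=MobiLink" -out "$1/ent_root.crt"
}

# Role of "gencert -s": new key, certificate signed by the root, both saved
# together in one identity file for a single server.
make_server() {  # make_server DIR NAME SERIAL DAYS
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -aes-256-cbc -pass env:SERV_PW -out "$1/$2.key" 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -passin env:SERV_PW \
        -subj "$SUBJ/CN=$2" -out "$1/$2.csr" &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ent_root.crt" \
        -CAkey "$1/ent_root.pri" -passin env:ROOT_PW -set_serial "$3" \
        -days "$4" -out "$1/$2.pem" 2>/dev/null &&
    cat "$1/$2.pem" "$1/$2.key" > "$1/$2.crt" &&
    rm -f "$1/$2.pem" "$1/$2.key" "$1/$2.csr"
}

# True only if the certificate inside IDENTITY verifies against ROOT_CRT.
chains_to_root() {  # chains_to_root ROOT_CRT IDENTITY
    openssl x509 -in "$2" 2>/dev/null |
        openssl verify -CAfile "$1" >/dev/null 2>&1
}

# True if FILE holds a PEM private key block (identity files do,
# ent_root.crt does not).
has_private_key() {  # has_private_key FILE
    grep -q 'PRIVATE KEY-----' "$1"
}

# Driver with constructed passwords and serial numbers.
work=$(mktemp -d)
export ROOT_PW='constructed-root-pw' SERV_PW='constructed-serv-pw'
make_root "$work" &&
make_server "$work" serv1 3 365 &&
make_server "$work" serv2 4 730
for id in serv1 serv2; do
    chains_to_root "$work/ent_root.crt" "$work/$id.crt" && echo "$id.crt: OK"
done
```

The server certificates use distinct Common Names here because OpenSSL can treat a certificate whose subject equals its issuer as self-signed during chain building.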

