Contents Index Globally signed certificates Using a global certificate as a server certificate

MobiLink Synchronization User's Guide
  Transport-Layer Security

Obtaining server-authentication certificates


MobiLink transport-layer security is based on Certicom SSL/TLS Plus libraries, which require elliptic-curve or RSA certificates. You can obtain a global certificate from any certificate authority that can supply certificates in the correct format. Two such companies are VeriSign and Entrust Technologies.

For more information, see http://www.verisign.com/ or http://www.entrust.com/certificate_services/index.htm.

There are several ways to obtain certificates. One way is to use the Certicom reqtool utility, which is installed when you install the security component. This tool creates a server certificate and a global certificate request. Copy the contents of the public certificate onto your clipboard, and paste them into the form on the Web site of the certificate-issuing authority. Only submit the public component of the certificate request. You must not disclose your private key.

For more information about this procedure, see the document reqtool.pdf, located in the win32 subdirectory of your SQL Anywhere 9 installation. It is installed when you install the security component.

Example 

The following example creates an elliptic-curve certificate:

> reqtool
-- Certicom Corp. Certificate Request Tool 3.0d1 --
Choose certificate request type:
  E - Personal email certificate request.
  S - Server certificate request.
  Q - Quit.
Please enter your request [Q] : S
Choose key type:
  R - RSA key pair.
  D - DSA key pair.
  E - ECC key pair.
  Q - Quit.
Please enter your request [Q] : E
Using curve ec163a02. Generating key pair (please wait)...
Country: CA
State: Ontario
Locality: Waterloo
Organization: Sybase, Inc.
Organizational Unit: IAS
Common Name: MobiLink
Enter password to protect private key : password5
Enter file path to save request : global.req
Enter file path to save private key : global.pri

The file global.req contains the public certificate and request information. Paste the contents of this file into the form on the certificate-issuing Web site.

The file global.pri contains the private key for the enterprise certificate. This file is protected by the password you entered, but since the protection provided by the password is weak, you must store this file in a secure location.


Using a global certificate as a server certificate

Contents Index Globally signed certificates Using a global certificate as a server certificate