Contents Index Obtaining server-authentication certificates Verifying certificate fields

MobiLink Synchronization User's Guide
  Transport-Layer Security
    Obtaining server-authentication certificates

Using a global certificate as a server certificate

You can use your global certificate directly as a MobiLink synchronization server certificate. To do so, you must create a server identity certificate by concatenating the public and private certificates. Open a command prompt and run the following command line:

copy global.crt+global.pri global2.crt

You can now start a MobiLink synchronization server, specifying the new certificate and the password for your private certificate. Open a command prompt and run the following command line:

dbmlsrv9 -c "dsn=UltraLite 9.0 Sample;uid=DBA;pwd=SQL" -x tcpip ( security=ecc_tls( certificate=global2.crt;
certificate_password=password5 ) )

You can hide the contents of the command line using the File Hiding utility, dbfhide. For more information, see The File Hiding utility.

You must also ensure that clients contacting your MobiLink synchronization server trust the certificate. To do so, you must tell the clients to trust the root certificate in the chain. In this case, the root certificate in the chain is a certificate held by the certificate authority.

By default, MobiLink clients trust certificates signed by the Sybase root certificate used to sign the sample certificate included with MobiLink.

For better security, however, you should ensure that clients consider only the root certificate of your certificate authority to be valid.

You can tell an Adaptive Server Anywhere MobiLink client to accept only a particular root certificate by naming only this certificate in the Address clause of the SQL CREATE SYNCHRONIZATION SUBSCRIPTION statement. For example, to trust certificates from XXX:

CREATE SYNCHRONIZATION SUBSCRIPTION
FOR 'user001' TO test -pub
ADDRESS 'host=myhost;security=ecc_tls (
   trusted_certificates=XXX.crt )'

To tell an UltraLite client to trust only the XXX root certificate, name the trusted certificate using the -r option when running the UltraLite generator, as follows. Open a command prompt and run the following command line:

> ulgen -c "dsn=UltraLite 9.0 Sample;uid=DBA;pwd=SQL"
-r XXX.crt -j custapi

Contents Index Obtaining server-authentication certificates Verifying certificate fields