Specify a file containing a list of trusted root certificates used for secure synchronization.
Separately licensed component required
ECC encryption and FIPS-certified encryption require a separate license. All strong encryption technologies are subject to export regulations.
trusted_certificates=vfs:[volume-label:|volume-ordinal:]filename
When synchronization occurs through a Certicom TLS synchronization stream, the MobiLink server sends its certificate to the client, as well as the certificate of the entity that signed it, and so on up to a self-signed root.
The client checks that the chain is valid and that it trusts the root certificate in the chain. This feature allows you to specify which root certificates to trust.
For UltraLite clients, trusted roots can be provided to ulinit, ulcreate, and ulload when creating the database. If the trusted_certificates parameter is provided, the trusted certificates found in the file replace those stored in the database.
For 32-bit Windows and Windows CE, if no trusted certificates are specified, the client loads the certificates from the operating system's trusted certificate store. This certificate store is used by web browsers when they connect to secure web servers via HTTPS.
Trusted certificates are supported for the Palm OS file system (not record-based data stores). On Palm OS, volume-label can be INTERNAL for the built-in drive, CARD for the expansion card, or the label name of the volume. Alternatively, you can use volume-ordinal to identify the volume (the default is 0, which is the first volume enumerated by the platform). The filename must be the full path to the file, following the filename and path naming conventions of the Palm platform.
For information about how to set network protocol options with dbmlsync, see CommunicationAddress (adr) extended option.
For information about how to set network protocol options with UltraLite, see Network protocol options for UltraLite synchronization streams.
The following example sets up RSA encryption for an HTTPS protocol. This requires setup on the server and client. Each command must be written on one line.
The server implementation is:
mlsrv10 -c "dsn=SQL Anywhere 10 Demo;uid=DBA;pwd=sql" -x https( port=9999; certificate=c:\sa10\win32\rsaserver.crt; certificate_password=test)
On a SQL Anywhere client, the implementation is:
dbmlsync -c "dsn=mydb;uid=DBA;pwd=sql" -e "ctp=https; adr='port=9999; trusted_certificates=c:\sa10\win32\rsaroot.crt; certificate_name=RSA Server'"
On an UltraLite client, the implementation is:
/* "\\rsaroot.crt" names the file \rsaroot.crt in the device's root directory. */
info.stream = "https";
info.stream_parms = TEXT( "port=9999; trusted_certificates=\\rsaroot.crt; certificate_name=RSA Server");
info.security_stream = NULL;
info.security_parms = NULL;
On an UltraLite client running Palm OS, the stream and stream_parms can be set like this:
info.security_stream = "tls";
info.security_parms = "tls_type=rsa;trusted_certificates=vfs:/rsaroot.crt;port=9376";
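The following Python script is an added example, not part of the product or its documentation. It audits a client's stream parameter string for the trust settings described above: a missing trusted_certificates value (on 32-bit Windows and Windows CE the client then uses the operating system's certificate store) and a Palm OS vfs: file name that is not a full path. The function names, the platform tags, and the choice to report a missing certificate_name are assumptions of this example.

```python
import re

def parse_stream_parms(parms):
    """Split 'name=value; name=value' into a dict keyed by lower-cased name."""
    opts = {}
    for item in parms.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            opts[name.strip().lower()] = value.strip()
    return opts

def parse_trusted_certificates(value):
    """Return (volume, filename); volume is None when there is no vfs: prefix."""
    if not value.lower().startswith("vfs:"):
        return None, value
    rest = value[4:]
    # Optional "volume-label:" or "volume-ordinal:" in front of the file name.
    m = re.match(r"([^:/\\]+):(.+)$", rest)
    if m:
        vol = m.group(1)
        return (int(vol) if vol.isdigit() else vol), m.group(2)
    return 0, rest  # default ordinal 0, the first volume enumerated

def audit(parms, platform):
    """Return a list of findings; platform is a hypothetical tag such as 'win32'."""
    opts = parse_stream_parms(parms)
    findings = []
    value = opts.get("trusted_certificates")
    if not value:
        if platform in ("win32", "wince"):
            findings.append("trusted_certificates unset: roots come from the OS certificate store")
        else:
            findings.append("trusted_certificates unset: confirm which roots the client trusts")
    else:
        volume, filename = parse_trusted_certificates(value)
        if volume is not None and not filename.startswith("/"):
            findings.append("vfs file name is not a full path: " + filename)
    # certificate_name appears in the examples above; reporting its absence
    # is an assumption of this added example.
    if "certificate_name" not in opts:
        findings.append("certificate_name unset")
    return findings

if __name__ == "__main__":
    # Constructed sample values, modelled on the parameter strings shown above.
    for platform, parms in [
        ("win32", r"port=9999; trusted_certificates=c:\sa10\win32\rsaroot.crt; certificate_name=RSA Server"),
        ("win32", "port=9999"),
        ("palm", "tls_type=rsa;trusted_certificates=vfs:CARD:rsaroot.crt;port=9376"),
    ]:
        print(platform, parms, "->", audit(parms, platform) or "ok")
```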