

Starting the MobiLink server with transport-layer security

To start the MobiLink server with transport-layer security, supply the identity file and the identity password protecting the server's private key.

For an overview of the steps required to set up transport-layer security, see Setting up transport-layer security.

Securing the MobiLink server over TCP/IP and HTTPS

Use the mlsrv11 -x server option to specify an identity and an identity password. The following is a partial mlsrv11 command line. It is shown on several lines here for readability, but it must be entered on one line:

-x protocol(
   tls_type=cipher;
   fips={ y | n };
   identity=identity-file;
   identity_password=password;... )

  • protocol   The protocol to use. It can be https or tls. The tls protocol is TCP/IP with TLS.

  • cipher   The cipher to use. It can be rsa or ecc for RSA and ECC encryption, respectively. The cipher must match the encryption used to create your identity.

  • fips   Indicates whether to use FIPS. FIPS can only be used with RSA encryption. RSA FIPS uses separate FIPS 140-2 certified software from Certicom. Servers using FIPS are compatible with clients not using FIPS and vice versa. RSA FIPS can be used for SQL Anywhere clients on any supported 32-bit Windows platform or Solaris, or for UltraLite clients on Unix or any supported 32-bit Windows platform including Windows Mobile.

  • identity-file   The path and file name of the identity file, which contains the server's private key, the server's certificate, and, optionally, the certificates signed by the Certificate Authority.

    For information about creating the server certificate, which can be self-signed, or signed by a Certificate Authority or enterprise root certificate, see Creating digital certificates.

  • password   The password for the server private key. You specify this password when you create the server identity.

See -x option.

Examples

The following example specifies the type of security (RSA), the server identity file, and the identity password protecting the server's private key on the mlsrv11 command line:

mlsrv11 -c "dsn=my_cons"
 -x tls(tls_type=rsa;identity=c:\test\serv_rsa1.crt;identity_password=pwd)

The following example specifies an ECC identity on the mlsrv11 command line:

mlsrv11 -c "dsn=my_cons"
 -x tls(tls_type=ecc;identity=c:\test\serv_ecc1.crt;identity_password=pwd)

The following example is similar to the previous, except that there is a space in the identity file path, so the entire -x value is enclosed in double quotes:

mlsrv11 -c "dsn=my_cons"
 -x "tls(tls_type=rsa;identity=c:\Program Files\test\serv_rsa1.crt;identity_password=pwd)"

For more information about the mlsrv11 -x option, see -x option.

For more information about creating the server identity file, in this case serv_ecc1.crt, see Creating digital certificates.

You can hide the command line options using a configuration file and the File Hiding utility (dbfhide). See @data option.
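
The constraints described above for the -x option (allowed protocols and ciphers, FIPS only with RSA, required identity and password, quoting when the path contains a space) can be checked before the server is started. The following Python script is an added example, not part of the SQL Anywhere documentation or tooling; the function names are hypothetical, and it assumes parameter values contain no semicolons or parentheses.

```python
import re

# Allowed values, taken from the option descriptions on this page.
PROTOCOLS = {"https", "tls"}
CIPHERS = {"rsa", "ecc"}

def parse_x_option(value):
    """Split 'protocol(key=value;...)' into (protocol, {key: value})."""
    m = re.fullmatch(r"\s*(\w+)\((.*)\)\s*", value, re.S)
    if not m:
        raise ValueError("expected protocol(key=value;...)")
    params = {}
    for item in m.group(2).split(";"):
        if not item.strip():
            continue
        key, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"parameter without '=': {item.strip()!r}")
        params[key.strip().lower()] = val.strip()
    return m.group(1).lower(), params

def check_x_option(arg):
    """Return a list of problems for one -x value as typed on the command line."""
    quoted = len(arg) >= 2 and arg[0] == arg[-1] == '"'
    protocol, p = parse_x_option(arg[1:-1] if quoted else arg)
    problems = []
    if protocol not in PROTOCOLS:
        problems.append(f"protocol {protocol!r} is not https or tls")
    cipher = p.get("tls_type", "").lower()
    if cipher and cipher not in CIPHERS:
        problems.append(f"tls_type {cipher!r} is not rsa or ecc")
    fips = p.get("fips", "").lower()
    if fips and fips not in ("y", "n"):
        problems.append(f"fips {fips!r} is not y or n")
    if fips == "y" and cipher == "ecc":
        problems.append("fips=y can only be used with tls_type=rsa")
    for required in ("identity", "identity_password"):
        if not p.get(required):
            problems.append(f"{required} is missing")
    if " " in p.get("identity", "") and not quoted:
        problems.append("identity path contains a space; quote the whole -x value")
    return problems

# Constructed sample: an ECC identity combined with fips=y, which the page rules out.
BAD = r"tls(tls_type=ecc;fips=y;identity=c:\test\serv_ecc1.crt;identity_password=pwd)"

if __name__ == "__main__":
    for problem in check_x_option(BAD):
        print("problem:", problem)
```
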