Encrypting SQL Anywhere web services

The SQL Anywhere web server supports HTTPS connections using SSL version 3.0 and TLS version 1.0.

To set up transport-layer security for SQL Anywhere web services, perform the following steps:

  • Obtain digital certificates   You need database server certificate files and identity files. Certificates (which can be Certificate Authority certificates) are distributed to browsers or web clients. Server identity files are stored securely with your SQL Anywhere web server.

    For general information about creating digital certificates, including information about using Certificate Authorities, see Creating digital certificates.

  • Start the web server with transport-layer security   Use the -xs database server option to specify HTTPS, the server identity file, and the password to protect the private key.

    Following is the syntax of a partial dbsrv11 command line.

    -xs protocol(
       [ fips={ y | n }; ]
       identity=server-identity-filename;
       identity_password=password;... ) ...
    • protocol   can be https, or https with fips=y for FIPS-approved RSA encryption. FIPS-approved HTTPS uses a separate approved library, but is compatible with HTTPS.

      Note

      The Mozilla Firefox browser can connect when FIPS-approved HTTPS is used. However, the cipher suite used by FIPS-approved HTTPS is not supported by most versions of the Internet Explorer, Opera, or Safari browsers—if you are using FIPS-approved HTTPS, these browsers may not be able to connect.

      For information about enforcing the FIPS-approved algorithm, see -fips server option.

    • server-identity-filename   The path and file name of the server identity. For HTTPS, you must use an RSA certificate.

    • password   The password for the server private key. You specify this password when you create the server certificate.

    For more information about the -xs server option, see -xs server option.

    For more information about the identity and identity_password parameters, see:

  • Configure web clients   Configure browsers or other web clients to trust certificates. The trusted certificate can be self-signed, an enterprise root, or a Certificate Authority certificate.

    For general information about creating digital certificates, including information about using Certificate Authorities, see Creating digital certificates.
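The start-up step above, as an added shell example that is not part of the SQL Anywhere documentation: it checks that the server identity file is not accessible to group or other users, assembles the -xs option in the syntax shown, and prints the quoted dbsrv11 command line for review. The function names, the sample paths and password, and demo.db are assumptions, as is the rejection of `;`, `(`, `)` and `'` inside values.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting dbsrv11 with HTTPS.
# All paths, passwords and file names used with it are constructed samples.

# Succeeds only if the identity file exists and has no group/other permission
# bits set, because it holds the server private key.
identity_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Prints the -xs argument: https(fips=...;identity=...;identity_password=...)
# $1 = server identity file, $2 = private key password, $3 = fips (y or n)
build_xs_option() {
    case "$3" in
        y|n) ;;
        *) echo "fips must be y or n" >&2; return 1 ;;
    esac
    [ -n "$2" ] || { echo "empty identity_password" >&2; return 1; }
    # Assumption: ';', '(' and ')' delimit the parameter list, so values that
    # contain them (or a single quote, used for quoting below) are rejected.
    case "$1$2" in
        *\;*|*\(*|*\)*|*\'*) echo "unsupported character in value" >&2; return 1 ;;
    esac
    printf 'https(fips=%s;identity=%s;identity_password=%s)' "$3" "$1" "$2"
}

# Prints the full command line instead of running it.
# $4 = database file (hypothetical name in the usage below)
preflight() {
    identity_file_ok "$1" || {
        echo "refusing: $1 is missing or accessible to group/other" >&2
        return 1
    }
    xs=$(build_xs_option "$1" "$2" "$3") || return 1
    # The option is single-quoted: unquoted parentheses and semicolons would
    # be interpreted by the shell instead of reaching dbsrv11.
    printf "dbsrv11 -xs '%s' %s\n" "$xs" "$4"
}

# Usage with constructed values:
#   chmod 600 /opt/sa/rsaserver.id
#   preflight /opt/sa/rsaserver.id sample-password n demo.db
```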