Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 11.0.1 » SQL Anywhere Server - Database Administration » Security » Transport-layer security

 

Setting up transport-layer security

The following steps provide an overview of the tasks required to set up transport-layer security.

Overview of setting up transport-layer security
  1. Obtain digital certificates.

    You need identity files and certificate files. The server identity file contains the server's private key and should be stored securely with the database or MobiLink server. You distribute the server certificate file to your clients.

    You can buy certificates from a certificate authority. SQL Anywhere also provides functionality to create certificates, which is especially useful for development and testing. See Creating digital certificates.

  2. If you are setting up transport-layer security for SQL Anywhere client/server applications:

    • Start the SQL Anywhere database server with transport-layer security   Use the -ec database server option to specify the type of security, the server identity file name, and the password to protect the server's private key.

      If you also want to allow unencrypted connections over shared memory, specify the -es option.

      See Starting the database server with transport-layer security.

    • Configure client applications to use transport-layer security   Specify the path and file name of trusted certificates using the Encryption connection parameter [ENC].

      See Configuring client applications to use transport-layer security.

  3. If you are setting up transport-layer security for SQL Anywhere web services:

    • Start the SQL Anywhere database server with transport-layer security   Use the -xs database server option to specify the type of security, the server identity file name, and the password to protect the server's private key.

    • Configure browsers or other web clients to trust certificates   See Encrypting SQL Anywhere web services.

  4. If you are setting up transport-layer security for MobiLink synchronization:

    • Start the MobiLink server with transport-layer security   Use the mlsrv11 -x option to specify the security stream, the server identity file name, and the password to protect the server's private key.

      See Starting the MobiLink server with transport-layer security.

    • Configure MobiLink clients to use transport-layer security   Supply the appropriate security or network protocol options with the MobiLink synchronization client utility (dbmlsync) or UltraLite application. Specify the security stream and trusted server certificate file names.

      See Configuring MobiLink clients to use transport-layer security.

Other resources for getting started

You can post questions on the newsgroups: