|
![Certificate viewer utility [viewcert]](gif/backward.gif)
Creates new ECC or RSA certificates and signs pre-generated certificate requests. This utility is deprecated. Use Certificate creation utility [createcert].
gencert [ -c | -s ] [ -r | -q ]
| Option | Description |
|---|---|
| -c | Creates a certificate you can use to sign other certificates. If used with -r, generates an enterprise root certificate. |
| -s | Creates a server identity file. The server identity file contains of a server's private key and certificate. You reference the server identity file when you start the MobiLink server (for MobiLink transport-layer security) or database server (for SQL Anywhere client/server transport-layer security). If used with -r, generates a self-signed server certificate. |
| -r | Creates a self-signed root certificate. If used with -s, gencert creates a self-signed server certificate. If used with -c, gencert creates an enterprise root certificate you can use to sign other certificates. If you specify gencert -r with no additional options, gencert creates a certificate you can use as a server certificate or an enterprise root. This option is not compatible with -q. |
| -q request-file | Signs a pre-generated certificate request. If used with -s, gencert creates a server certificate. If used with -c, gencert creates an enterprise root certificate you can use to sign other certificates. If you specify gencert -q with no additional options, gencert creates a certificate you can use as a server certificate or an enterprise root. The -q option is not compatible with -r. |
If you do not specify -s or -c , the certificate contains the functionality provided by both options, so it can be used to sign other certificates or you can use it directly as a server certificate.
You can use the gencert utility to generate trusted certificates, private keys, and server certificates used to secure MobiLink synchronizations or SQL Anywhere client/server communication. This utility creates X509 certificates (a standard certificate format) for various security configurations.
Gencert prompts you for the following information:
Cipher Gencert prompts you to choose an ECC or RSA cipher. If you are generating an ECC certificate, gencert generates an ECC key pair. If you are generating an RSA certificate, it prompts for a key size between 512 and 2048, and then creates a certificate using RSA. (In general, longer keys provide stronger encryption but take longer to process.)
Whichever cipher you choose, you must specify that cipher when you start the server and client. For ECC certificates, specify tls_type=ecc, and for RSA certificates, specify tls_type=rsa or tls_type=rsa;fips=yes.Country, State/Province, and Locality These values provide general certificate identification. The locality fields are also required by third-party Certificate Authorities if you plan to use globally-signed certificates.
For more information about using Certificate Authorities, see Globally-signed certificates.Organization, Organizational Unit, and Common Name These fields provide additional security that the client is authenticating the correct certificate. On the client side, they correspond to the certificate_company, certificate_unit, and certificate_name protocol options, respectively.
See Verifying certificate fields.Serial number You are prompted to choose a serial number for the certificate. The serial number must use alphanumeric characters.
Certificate valid for how many years You are prompted for the period (in years) that the certificate remains valid. If the certificate expires, all certificates signed by this certificate will also be invalid. Following the specified period, you will need to regenerate the enterprise root, each server certificate, and the certificates distributed to clients.
Enter password to protect private key This is the password you will specify in the certificate_password protocol option.
Enter file path to save certificate Choose a file name and location for the certificate.
Enter file path to save private key Choose a file name and location for the private key.
Enter file path to save server identity Choose a file name and location for the server certificate.