iAnywhere.com - Starting the MobiLink server with transport-layer security

Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 10.0.1 » SQL Anywhere Server - Database Administration » Transport-Layer Security » Encrypting MobiLink client/server communications

Starting the MobiLink server with transport-layer security

To start the MobiLink server with transport-layer security, supply the server certificate and the password protecting the server's private key.

For an overview of the steps required to set up transport-layer security, see Setting up transport-layer security.

Securing the MobiLink server over TCP/IP and HTTPS

Use the mlsrv10 -x server option to specify certificate and certificate_password parameters. Following is a partial mlsrv10 command line (which must be written on one line):

-x protocol(
tls_type=cipher;
fips={ y | n };
certificate=server-certificate;
certificate_password=password;... )

protocol can be https or tls. The tls protocol is TCP/IP with TLS.
cipher can be rsa or ecc for RSA and ECC encryption, respectively. The cipher must match the encryption used to create your certificates.
fips can only be used with RSA encryption. RSA FIPS uses separate FIPS 140-2 certified software from Certicom. Servers using FIPS are compatible with clients not using FIPS and vice versa. RSA FIPS can be used for SQL Anywhere clients on any supported 32-bit Windows platform or Solaris, or for UltraLite clients on Unix or any supported 32-bit Windows platform including Windows CE.
server-certificate is the path and file name of the server certificate.
For information about creating the server certificate, which can be self-signed, or signed by a Certificate Authority or enterprise root certificate, see Creating digital certificates.
password is the password for the server certificate's private key. You specify this password when you create the server certificate.

See -x option.

Examples

The following example specifies the type of security (RSA), the server certificate, and the password protecting the server's private key on the mlsrv10 command line:

mlsrv10 -c "dsn=my_cons"
 -x tls(tls_type=rsa;certificate=c:\test\serv_rsa1.crt;certificate_password=pwd)

The following example specifies an ECC certificate on the mlsrv10 command line:

mlsrv10 -c "dsn=my_cons"
 -x tls(tls_type=ecc;certificate=c:\test\serv_ecc1.crt;certificate_password=pwd)

For more information about the mlsrv10 -x option, see -x option.

For more information about creating the server certificate, in this case serv1.crt, see Creating digital certificates.

You can hide the command line options using a configuration file and the File Hiding utility (dbfhide). See @data option.