Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

Configuring SQL Anywhere clients to use transport-layer security

This section shows you how to configure SQL Anywhere clients to use transport-layer security over HTTPS or TCP/IP.

MobiLink transport-layer security is an inherent feature of the MobiLink HTTPS and TCP/IP protocols. To use transport-layer security over HTTPS, specify the trusted_certificates connection parameter using the ADR extended option. Following is the syntax for a partial dbmlsync command line.

-e "ctp=protocol;
adr=[ fips={ y | n }; ]
trusted_certificates=public-certificate;
..."

• protocol  can be https or tls. The tls protocol is TCP/IP using transport-layer security.

• fips  for FIPS-approved RSA encryption. FIPS-approved HTTPS uses separate FIPS 140-2 certified software from Certicom, but is compatible with version 9.0.2 or later MobiLink servers using HTTPS.

• public-certificate  is the path and file name of a trusted certificate.

  For HTTPS or FIPS-approved HTTPS, you must use certificates created using RSA encryption.

• Client security options
• Creating digital certificates
• CommunicationAddress (adr) extended option
• MobiLink client network protocol options
• CREATE SYNCHRONIZATION SUBSCRIPTION statement [MobiLink]
• ALTER SYNCHRONIZATION SUBSCRIPTION statement [MobiLink]

The following example specifies RSA security over HTTPS. It must all be written on one line:

dbmlsync -c "eng=rem1;uid=dba;pwd=mypwd"
  -e "ctp=https;
      adr=trusted_certificates=c:\temp\public_cert.crt;
      certificate_company=Sybase, Inc.;
      certificate_unit=IAS;
      certificate_name=MobiLink)"

Alternatively, you can specify the CommunicationAddress extended option using the CREATE SYNCHRONIZATION SUBSCRIPTION or ALTER SYNCHRONIZATION SUBSCRIPTION statement. This method provides the same information, but stores it in the database.

CREATE SYNCHRONIZATION SUBSCRIPTION 
 TO pub1 
 FOR user1 
 ADDRESS 'trusted_certificates=c:\temp\public_cert.crt;
    certificate_company=Sybase, Inc.;
    certificate_unit=IAS;
  certificate_name=MobiLink';

The following example specifies RSA security and TCP/IP. It must all be written on one line:

dbmlsync -c "eng=rem1;uid=myuid;pwd=mypwd"
   -e "ctp=tcpip;
       adr=port=3333;
       tls(
           tls_type=rsa;
           trusted_certificates=c:\test\public_cert.crt;
           certificate_company=Sybase, Inc.;
           certificate_unit=IAS;
           certificate_name=MobiLink)"

Alternatively, you can specify the CommunicationAddress extended option using the CREATE SYNCHRONIZATION SUBSCRIPTION or ALTER SYNCHRONIZATION SUBSCRIPTION statement:

CREATE SYNCHRONIZATION SUBSCRIPTION 
 TO pub1 
 FOR user1 
 ADDRESS 'port=3333;
    security=tls(tls_type=rsa;trusted_certificates=public_cert.crt;
       certificate_company=Sybase, Inc.;
       certificate_unit=IAS;
       certificate_name=MobiLink )';