
SQL Anywhere 11.0.0 » SQL Anywhere Server - Database Administration » Security » Transport-layer security


Creating digital certificates

You need digital certificates to set up transport-layer security. You can obtain certificates from a certificate authority, or you can create them using SQL Anywhere functionality.

SQL Anywhere Certificate Creation utility

You can use the SQL Anywhere Certificate Creation utility, createcert, to generate X.509 certificate files using RSA or ECC. See Certificate Creation utility (createcert).

SQL Anywhere Certificate Viewer utility

You can use the SQL Anywhere Certificate Viewer utility, viewcert, to read X.509 certificates using RSA or ECC. See Certificate Viewer utility (viewcert).

Certificates for server authentication

You can follow the same process to create certificate files for server authentication. In each case, you create an identity file and a certificate file.

For server authentication, you create a server identity file and a certificate file to distribute to clients.

Certificate configurations

The certificate can be self-signed or signed by a commercial or enterprise Certificate Authority.

  • Self-signed certificates: Self-signed server certificates can be used for simple setups. See Self-signed root certificates.

  • Enterprise root certificates: An enterprise root certificate can be used to sign server certificates to improve data integrity and extensibility for multi-server deployments.

    • You can store the private key used to sign server certificates in a secure central location.
    • For server authentication, you can add MobiLink or database servers without reconfiguring clients.

    See Certificate chains.

  • Commercial Certificate Authorities: You can use a third-party Certificate Authority instead of an enterprise root certificate. Commercial Certificate Authorities have dedicated facilities to store private keys and create high-quality server certificates.

    See Certificate chains and Globally-signed certificates.
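
The difference between the self-signed and enterprise-root configurations can be checked from the client's side. The script below is an added example, not part of the SQL Anywhere documentation: it uses the OpenSSL command line in place of createcert, and every file name and subject name in it (root, db1, ml2, solo1, solo2) is constructed for illustration.

```shell
#!/bin/sh
# Added example: OpenSSL stands in for createcert; all names are constructed.
set -eu
WORK=$(mktemp -d)

# Enterprise root: root.key stays in one central place; only root.crt
# is distributed to clients as their trusted certificate.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Enterprise Root" \
        -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
}

# Issue a server certificate signed by the root. $1 = server name.
issue_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -days 365 \
        -CA "$WORK/root.crt" -CAkey "$WORK/root.key" -CAcreateserial \
        -out "$WORK/$1.crt" 2>/dev/null
    # Rough analogue of a server identity file: certificate plus private key.
    # The key is unencrypted here only to keep the demo non-interactive.
    cat "$WORK/$1.crt" "$WORK/$1.key" > "$WORK/$1.id"
}

# Self-signed server certificate. $1 = server name.
issue_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Client-side check. $1 = certificate the client trusts, $2 = server certificate.
client_trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    make_root
    issue_server db1
    issue_server ml2    # server added later; clients still hold only root.crt
    issue_self_signed solo1
    issue_self_signed solo2
    for pair in root:db1 root:ml2 solo1:solo1 solo1:solo2; do
        if client_trusts "$WORK/${pair%%:*}.crt" "$WORK/${pair##*:}.crt"
        then echo "client trusting ${pair%%:*}.crt accepts ${pair##*:}.crt"
        else echo "client trusting ${pair%%:*}.crt rejects ${pair##*:}.crt"
        fi
    done
}
demo
```

A client that trusts only solo1.crt rejects solo2, so each additional self-signed server means touching every client, while a client that trusts root.crt accepts both db1 and the later ml2 unchanged.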

Self-signed root certificates
Certificate chains
Globally-signed certificates