Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » Transport-layer security

 

Setting up transport-layer security

The following steps provide an overview of the tasks required to set up transport-layer security.

  1. Obtain digital certificates.

    You need identity files and certificate files. The server identity file contains the server's private key and should be stored securely with the database or MobiLink server. You distribute the server certificate file to your clients.

    You can buy certificates from a certificate authority or you can use the Certificate creation utility (createcert). SQL Anywhere also provides functionality to create certificates, which is especially useful for development and testing. See Digital certificates.

  2. If you are setting up transport-layer security for SQL Anywhere client/server applications:

    • Start the SQL Anywhere database server with transport-layer security   Use the -ec database server option to specify the type of security, the server identity file name, and the password to protect the server's private key.

      If you also want to allow unencrypted connections over shared memory, specify the -es option.

      See Database server with transport-layer security.

    • Configure client applications to use transport-layer security   Specify the path and file name of trusted certificates using the Encryption connection parameter [ENC].

      See Client application configuration to use transport-layer security.

  3. If you are setting up transport-layer security for SQL Anywhere web services:

    • Start the SQL Anywhere database server with transport-layer security   Use the -xs database server option to specify the type of security, the server identity file name, and the password to protect the server's private key. See -xs database server option.

    • Configure browsers or other web clients to trust certificates   Encrypt SQL Anywhere web services.

      See SQL Anywhere web services encryption.

  4. If you are setting up transport-layer security for MobiLink synchronization:

    • Start the MobiLink server with transport-layer security   Use the mlsrv16 -x option to specify the security stream, the server identity file name, and the password to protect the server's private key.

      See Starting the MobiLink server with transport-layer security.

    • Configure MobiLink clients to use transport-layer security   Supply the appropriate security or network protocol options with the MobiLink synchronization client utility (dbmlsync) or UltraLite application. Specify the security stream and trusted server certificate file names.

      See MobiLink client configuration to use transport-layer security.

Copyright © 2013, SAP AG ou société affiliée SAP - SAP Sybase SQL Anywhere 16.0