Server authentication

Server authentication allows a remote client to verify the identity of a MobiLink server.

Digital signatures and certificate field verification work together to achieve server authentication.

Digital signatures

A MobiLink server certificate contains one or more digital signatures used to maintain data integrity and protect against tampering. A digital signature is created in the following steps:

  • An algorithm performed on a certificate generates a unique value or hash.

  • The hash is encrypted using a signing certificate's or Certificate Authority's private key.

  • The encrypted hash, called a digital signature, is embedded in the certificate.

A digital signature can be self-signed or signed by an enterprise root certificate or Certificate Authority.

When a MobiLink client contacts a MobiLink server, and each is configured to use transport layer security, the server sends the client a copy of its certificate. The client decrypts the certificate's digital signature using the server's public key included in the certificate, calculates a new hash of the certificate, and compares the two values. If the values match, this confirms the integrity of the server's certificate.

Verifying certificate fields

When using a globally signed certificate, each client must verify certificate field values to avoid trusting certificates that the same Certificate Authority has signed for other clients. To do this, require your clients to test the value of fields in the identity portion of the certificate. A Certificate Authority must guarantee the accuracy of the identification information in any certificate that it signs.

When creating a certificate using the createcert utility, you enter values for the organization, organizational unit, and common name fields. You verify these fields using corresponding MobiLink client connection parameters.

  • Organization

    The organization field corresponds to the certificate_company MobiLink client connection parameter.

  • Organizational unit

    The organizational unit field corresponds to the certificate_unit MobiLink client connection parameter.

  • Common name

    The common name field corresponds to the certificate_name MobiLink client connection parameter.
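
The field check described above, as an added example (not MobiLink or SAP code): two certificates that both chain to the same Certificate Authority are told apart only by their organization, organizational unit, and common name. The subject layout follows the dictionary returned by Python's ssl getpeercert(); the function names, the sample subjects, and exact case-sensitive matching are assumptions of this example.

```python
# Added illustration, not MobiLink code: the comparison a client makes when the
# certificate_company / certificate_unit / certificate_name parameters are set.
# Attribute names follow the dict returned by Python's ssl getpeercert().
PARAM_TO_ATTR = {
    "certificate_company": "organizationName",
    "certificate_unit": "organizationalUnitName",
    "certificate_name": "commonName",
}

def subject_values(peercert):
    """Flatten the subject (a tuple of RDNs of (name, value) pairs) into
    {name: [values]}; an attribute such as OU can occur more than once."""
    values = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            values.setdefault(name, []).append(value)
    return values

def verify_fields(peercert, expected):
    """Return a list of mismatches; an empty list means every field matched.
    Assumption of this example: exact, case-sensitive comparison."""
    if not expected:
        raise ValueError("no fields to verify; any CA-signed certificate would pass")
    unknown = set(expected) - set(PARAM_TO_ATTR)
    if unknown:
        raise ValueError(f"unsupported parameters: {sorted(unknown)}")
    present = subject_values(peercert)
    failures = []
    for param, want in expected.items():
        got = present.get(PARAM_TO_ATTR[param], [])
        if want not in got:  # a missing field fails too
            failures.append(f"{param}: expected {want!r}, got {got!r}")
    return failures

# Constructed subjects: assume both certificates chain to the same public CA.
OURS = {"subject": ((("organizationName", "Example Widgets Inc"),),
                    (("organizationalUnitName", "Sync"),),
                    (("commonName", "ml.example.com"),))}
OTHER = {"subject": ((("organizationName", "Another Co"),),
                     (("commonName", "ml.another.example"),))}
EXPECTED = {"certificate_company": "Example Widgets Inc",
            "certificate_unit": "Sync",
            "certificate_name": "ml.example.com"}

if __name__ == "__main__":
    for label, cert in (("ours", OURS), ("other", OTHER)):
        problems = verify_fields(cert, EXPECTED)
        print(label, "->", "accept" if not problems else problems)
```

The second subject would pass signature verification against the shared Certificate Authority, so the field comparison is the only step that rejects it.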