If specified, the application only accepts server certificates when the Organization field on the certificate matches this value.
certificate_company=organization
None
MobiLink clients trust all certificates signed by the certificate authority, so they may also trust certificates that the same certificate authority has issued to other companies. Without a means to discriminate, your clients might mistake a competitor's MobiLink server for your own and accidentally send it sensitive information. This option specifies a further level of verification, that the Organization field in the identity portion of the certificate also matches a value you specify.
When initiating TLS or HTTPS connections, the client libraries will check the host name of the database server against the certificate provided by that server using the procedure described in RFC 2818. This check will only happen if none of the certificate_name, certificate_company, or certificate_unit options are specified, and the skip_certificate_name_check option is not enabled. If any of certificate_name, certificate_company, or certificate_unit are specified, only those options are verified. The skip_certificate_name_check option disables the host name check when enabled.
The following example sets up RSA encryption for an HTTPS protocol. This requires setup on the server and client. Each command must be written on one line.
The server implementation is:
mlsrv17 -c "DSN=SQL Anywhere 17 Demo;UID=DBA;PWD=sql" -x https( identity=myserver.id; identity_password=pwd)
On a SQL Anywhere client, the implementation is:
dbmlsync -c "DSN=mydb;UID=DBA;PWD=passwd" -e "ctp=https; adr='host=myserver=c:\certs\rootca.crt; certificate_company=My Company; certificate_unit=My Division; certificate_name=My MobiLink Server'"
In an UltraLite application written in Embedded SQL in C or C++, the implementation is:
info.stream = "https"; info.stream_parms = "trusted_certificates=c:\cert\rootca.crt;" "certificate_company=My Company;" "certificate_unit=My Division;" "certificate_name=My MobiLink Server";