Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 17 » MobiLink and SAP HANA Remote Data Sync - Client Administration » MobiLink client network protocol options

trusted_certificates MobiLink client network protocol option

Specify a file containing a list of trusted root certificates used for secure synchronization.

Syntax
trusted_certificates=filename
Available protocols
  • TLS, HTTPS
Default

None

Remarks

When synchronization occurs through a TLS synchronization stream, the MobiLink server sends its certificate to the client, and the certificate of the entity that signed it, and so on up to a self-signed root.

The client checks that the chain is valid and that it trusts the root certificate in the chain. This feature allows you to specify which root certificates to trust.

Certificates are used according to the following rules of precedence:

  • For UltraLite clients, if certificates were set in the database by ulinit or ulload, then those certificates are used.

  • If the trusted_certificates parameter is provided, then the certificates from the specified file are used, replacing any trusted certificates that were stored in the database using ulinit or ulload.

  • If certificates are not specified by either the trusted_certificates parameter or by ulinit or ulload and you are on Windows, Windows Mobile, or Android, certificates are read from the operating system's trusted certificate store. This certificate store is used by web browsers when they connect to secure web servers via HTTPS.

You cannot use both the trusted_certificates option and the trusted_certificate_name option in the same set of stream options.

Example

The following example sets up RSA encryption for an HTTPS protocol. This requires setup on the server and client. Each command must be written on one line.

The server implementation is:

mlsrv17 
   -c "DSN=SQL Anywhere 17 Demo;UID=DBA;PWD=sql" 
   -x https(
     identity=%SQLANYSAMP17%\Certificates\rsaserver.id;
     identity_password=test)

On a SQL Anywhere client, the implementation is:

dbmlsync 
   -c "DSN=mydb;UID=DBA;PWD=passwd" 
   -e "ctp=https;
       adr='trusted_certificates=%SQLANYSAMP17%\Certificates\rsaroot.crt;
          certificate_name=RSA Server;
          certificate_company=SAP;
          certificate_unit=SQL Anywhere'"

In an UltraLite application written in Embedded SQL in C or C++, the implementation is:

info.stream = "https";
    info.stream_parms = 
       "trusted_certificates=C:\\Users\\Public\\Documents\\SQL Anywhere
          17\\Samples\\Certificates\\rsaroot.crt;"
       "certificate_name=RSA Server;"
       "certificate_company=SAP;"
       "certificate_unit=SQL Anywhere";