
Author tcpip and rsa
Brent Williams

2006-02-28, 8:27 pm

I'm running v9.0.2.3249

I set up my mobilink server with rsa encryption using the following lines:

tcpip(port=2439;liveness_timeout=3600;security=rsa_tls(certificate=c:\ERx\certs\server.cer;certificate_password=changeit))

I'm trying to sync using ulsync but keep getting the message "Sync
failed: SQLE_UNRECOGNIZED_OPTION (-1002)" when I supply the
trusted_certificates= option. Should I be able to use rsa encryption
with ulsync? If so, will someone explain how?

Thanks

Tom Slee

2006-03-05, 8:29 pm

Unfortunately ulsync does not support synchronization over encrypted
streams.

Tom Slee
iAnywhere Product Management

Brent Williams wrote:
> I'm running v9.0.2.3249
>
> I set up my mobilink server with rsa encryption using the following lines:
>
> tcpip(port=2439;liveness_timeout=3600;security=rsa_tls(certificate=c:\ERx\certs\server.cer;certificate_password=changeit))
>
> I'm trying to sync using ulsync but keep getting the message "Sync
> failed: SQLE_UNRECOGNIZED_OPTION (-1002)" when I supply the
> trusted_certificates= option. Should I be able to use rsa encryption
> with ulsync? If so, will someone explain how?
>
> Thanks

Brent Williams

2006-03-05, 8:29 pm

Is there a way to enforce encryption from outside the firewall but not
inside? or make the encryption optional on a user basis? How would you
handle the situation where we want to pre-generate a database using
ulsync but want to enforce encryption to users doing a sync against the
same mobilink server? I guess we could set up an internal MobiLink server
that only we can use but that would not be my first choice because you
could be complicating things. Your thoughts?

Tom Slee wrote:
> Unfortunately ulsync does not support synchronization over encrypted
> streams.
>
> Tom Slee
> iAnywhere Product Management
>
> Brent Williams wrote:
>

Reg Domaratzki (iAnywhere Solutions)

2006-03-05, 8:29 pm

You simply need to start two protocols on the MobiLink server, each
listening on different ports.

dbmlsrv9 -x tcpip,tcpip(port=9999;security=rsa_tls(certificate=rsa.crt;certificate_password=sql)) -c "dsn=UltraLite 9.0 Sample"

The MobiLink server will now be listening on the default TCPIP port (2439)
for non-encrypted synchronizations, and on port 9999 for encrypted
synchronizations.

I. 03/03 09:01:36. <Main>: MobiLink server started
I. 03/03 09:01:36. <Main>: Local file for remote synchronization logs: 'dbmlsrv.mle'
I. 03/03 09:01:36. <Main>: Stream specifier 1: tcpip
I. 03/03 09:01:36. <Main>: Stream specifier 2: tcpip(port=9999;security=rsa_tls(certificate=rsa.crt;certificate_password=********))
I. 03/03 09:01:37. <thread 1.1>: Ready to handle requests
I. 03/03 09:01:37. <thread 1.2>: Ready to handle requests
I. 03/03 09:01:37. <thread 1.3>: Ready to handle requests
I. 03/03 09:01:37. <thread 2.1>: Ready to handle requests
I. 03/03 09:01:37. <thread 2.2>: Ready to handle requests

--
Reg Domaratzki, Sybase iAnywhere Solutions
Sybase Certified Professional - Sybase ASA Developer Version 8
Please reply only to the newsgroup

iAnywhere Developer Community : http://www.ianywhere.com/developer
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
ASA Patches and EBFs : http://downloads.sybase.com/swd/base.do
-> Choose SQL Anywhere Studio
-> Set filter to "Display ALL platforms IN ALL MONTHS"


"Brent Williams" <brentwilliams@bcbsal.org> wrote in message
news:4407713b$1@forums-2-dub...
> Is there a way to enforce encryption from outside the firewall but not
> inside? or make the encryption optional on a user basis? How would you
> handle the situation where we want to pre-generate a database using
> ulsync but want to enforce encryption to users doing a sync against the
> same mobilink server? I guess we could set up an internal MobiLink server
> that only we can use but that would not be my first choice because you
> could be complicating things. Your thoughts?
>
> Tom Slee wrote:
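
An added example (not part of the thread and not iAnywhere code): a Python check that parses a -x value, or the "Stream specifier" startup log lines shown in the post above, and lists the listeners that have no security= option. In the two-listener setup those are the ports that have to stay reachable only from inside the firewall. The option grammar is inferred from the strings on this page, and the only default port assumed is the tcpip one (2439) stated above.

```python
import re

DEFAULT_PORTS = {"tcpip": 2439}  # default stated in the thread; other protocols unknown here

def split_top(text, sep):
    """Split on sep only outside parentheses (options nest, e.g. security=rsa_tls(...))."""
    parts, depth, cur = [], 0, []
    for ch in text:
        depth += (ch == "(") - (ch == ")")  # track nesting level
        if ch == sep and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def parse_stream(spec):
    """Return protocol, port and security setting for one stream specifier."""
    m = re.fullmatch(r"(\w+)(?:\((.*)\))?", spec.strip())
    if not m:
        raise ValueError(f"unparseable stream specifier: {spec!r}")
    proto, body = m.group(1).lower(), m.group(2) or ""
    opts = dict(o.split("=", 1) for o in split_top(body, ";") if "=" in o)
    port = int(opts["port"]) if "port" in opts else DEFAULT_PORTS.get(proto)
    security = opts.get("security", "").split("(", 1)[0] or None
    return {"protocol": proto, "port": port, "security": security}

def plaintext_listeners(x_option):
    """Listeners from a -x value that accept unencrypted synchronizations."""
    streams = [parse_stream(s) for s in split_top(x_option, ",")]
    return [s for s in streams if s["security"] is None]

def streams_from_log(lines):
    """Pull 'Stream specifier N: ...' values out of server startup log lines."""
    pat = re.compile(r"Stream specifier \d+:\s*(\S.*)$")
    return [parse_stream(m.group(1)) for l in lines if (m := pat.search(l))]

# Constructed sample: the -x value and log lines as they appear in the post above.
X_OPTION = "tcpip,tcpip(port=9999;security=rsa_tls(certificate=rsa.crt;certificate_password=sql))"
LOG = [
    "I. 03/03 09:01:36. <Main>: Stream specifier 1: tcpip",
    "I. 03/03 09:01:36. <Main>: Stream specifier 2: tcpip(port=9999;security=rsa_tls(certificate=rsa.crt;certificate_password=********))",
]

if __name__ == "__main__":
    for s in plaintext_listeners(X_OPTION):
        print(f"plaintext listener: {s['protocol']} port {s['port']} (restrict to internal hosts)")
```
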


Brent Williams

2006-03-05, 8:29 pm

Thanks, that is perfect.

One more question...what parameters do I need to specify on the device
(Palm or Pocket PC) in order to do an encrypted tcpip sync? I've tried
trusted_certificates= but it complains about that. I also tried a few
other variations with certificate_company= but that didn't work. Any ideas?

Reg Domaratzki (iAnywhere Solutions) wrote:
> You simply need to start two protocols on the MobiLink server, each
> listening on different ports.
>
> dbmlsrv9 -x tcpip,tcpip(port=9999;security=rsa_tls(certificate=rsa.crt;certificate_password=sql)) -c "dsn=UltraLite 9.0 Sample"
>
> The MobiLink server will now be listening on the default TCPIP port (2439)
> for non-encrypted synchronizations, and on port 9999 for encrypted
> synchronizations.
>
> I. 03/03 09:01:36. <Main>: MobiLink server started
> I. 03/03 09:01:36. <Main>: Local file for remote synchronization logs: 'dbmlsrv.mle'
> I. 03/03 09:01:36. <Main>: Stream specifier 1: tcpip
> I. 03/03 09:01:36. <Main>: Stream specifier 2: tcpip(port=9999;security=rsa_tls(certificate=rsa.crt;certificate_password=********))
> I. 03/03 09:01:37. <thread 1.1>: Ready to handle requests
> I. 03/03 09:01:37. <thread 1.2>: Ready to handle requests
> I. 03/03 09:01:37. <thread 1.3>: Ready to handle requests
> I. 03/03 09:01:37. <thread 2.1>: Ready to handle requests
> I. 03/03 09:01:37. <thread 2.2>: Ready to handle requests
>

Mike Vander Ploeg

2006-03-15, 9:23 am

All you should need is the trusted_certificates parameter. The
certificate_company, certificate_unit, and certificate_name are optional
parameters which can provide extra security.

Could you provide some additional details? What SQLCODE and stream error
are you getting? Are you using the ActiveSync provider or the Palm conduit,
or are you syncing directly from the device?

As an alternative to using the trusted_certificates parameter, you can also
embed the trusted certificate in your database when you create it using
the -r option of ulgen.

Mike Vander Ploeg
iAnywhere Solutions

"Brent Williams" <brentwilliams@bcbsal.org> wrote in message
news:440854db$1@forums-2-dub...
> Thanks, that is perfect.
>
> One more question...what parameters do I need to specify on the device
> (Palm or Pocket PC) in order to do an encrypted tcpip sync? I've tried
> trusted_certificates= but it complains about that. I also tried a few
> other variations with certificate_company= but that didn't work. Any
> ideas?
>
> Reg Domaratzki (iAnywhere Solutions) wrote:


Brent Williams

2006-03-17, 8:23 pm

Thanks for the reply but I've since learned that you don't support
encrypted tcpip sync from a pocket pc device...only palm.

Mike Vander Ploeg wrote:
> All you should need is the trusted_certificates parameter. The
> certificate_company, certificate_unit, and certificate_name are optional
> parameters which can provide extra security.
>
> Could you provide some additional details? What SQLCODE and stream error
> are you getting? Are you using the ActiveSync provider or the Palm conduit,
> or are you syncing directly from the device?
>
> As an alternative to using the trusted_certificates parameter, you can also
> embed the trusted certificate in your database when you create it using
> the -r option of ulgen.
>
> Mike Vander Ploeg
> iAnywhere Solutions
>
> "Brent Williams" <brentwilliams@bcbsal.org> wrote in message
> news:440854db$1@forums-2-dub...

Mike Vander Ploeg

2006-03-21, 11:24 am

Where did you hear that? UltraLite does support encrypted tcpip from a
pocket pc device.

Mike

"Brent Williams" <brentwilliams@bcbsal.org> wrote in message
news:441b4367$1@forums-1-dub...
> Thanks for the reply but I've since learned that you don't support
> encrypted tcpip sync from a pocket pc device...only palm.
>
> Mike Vander Ploeg wrote:

Brent Williams

2006-03-21, 11:24 am

Here is a quote from an email from Liam Cavanagh. FYI, we are using C#
on the Pocket PC.


"I apologize. I thought encryption over TCPIP was supported in 9.0.2,
using .NET, but apparently I am wrong.

The only TLS encryption that you can do is HTTPS. Is this an option for
you?"



Mike Vander Ploeg wrote:
> Where did you hear that? UltraLite does support encrypted tcpip from a
> pocket pc device.
>
> Mike
>
> "Brent Williams" <brentwilliams@bcbsal.org> wrote in message
> news:441b4367$1@forums-1-dub...

Mike Vander Ploeg

2006-03-22, 9:24 am

I didn't realize you were using .NET. What Liam said is true.

Mike

"Brent Williams" <brentwilliams@bcbsal.org> wrote in message
news:44202af0$1@forums-1-dub...
> Here is a quote from an email from Liam Cavanagh. FYI, we are using C# on
> the Pocket PC.
>
>
> "I apologize. I thought encryption over TCPIP was supported in 9.0.2,
> using .NET, but apparently I am wrong.
>
> The only TLS encryption that you can do is HTTPS. Is this an option for
> you?"
>
>
>
> Mike Vander Ploeg wrote:


Copyright 2008 droptable.com