|
Home > Archive > SQL Anywhere Mobile > June 2005 > ECC_TLS encryption to work with mobilink and PocketPC?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
ECC_TLS encryption to work with mobilink and PocketPC?
|
|
|
| ASA 9.0.2.3044
Hello all, I am stumped. I am working on getting the
encryption working between a mobilink client (PocketPC) and
a mobilink server. I am even trying to get the sample
certificate to work... and am having trouble. Withouth
encryption it works just fine. (I do have the certicom
addon)
The server monitor screen shows that the service is running
with the encryption when I tell it to use the cert.
I have read through tons of whitepapers and documents, and I
cannot seem to get anywhere!
Also, with verbose logging turned on, I see this error on
the mobilink server when I try to connect using the
encryption.
Error: Unable to read from the 'certicom_ssl' network
connection. Handshake error. The system-specific error code
is -6996 (hex ffffe4ac).
Hope I gave enough info, I am stumped and need to figure
this out pretty soon! Like I said it does work without the
encryption, but not when I try and use it.
Server parameters: -c " dsn=timtest;uid=dba;
pwd=sql" -x
tcpip(security=ecc_t
ls(certificate=sampl
e. crt;certificate_pass
word=tJ1#m6+W))
--when the server starts, it says: Data stream 1 is being
encrypted using security technology from Certicom Corp.
1. On the PocketPC, where are the encryption options set at?
Is it in a dsn file in the TCPIP{}? If so, what is the
syntax?
2. If I was to generate my own with gencert - which options
do I need to do? What gets given to the PocketPC?
| |
| Reg Domaratzki \(iAnywhere Solutions\) 2005-06-09, 9:24 am |
| On the PPC, are you using UltraLite or an ASA Database?
PS : The good news is your half done. You've done everything right on the
consolidated. :)
PPS: I'll answer your 2nd question about generating your own certs as well,
but knowing what type of remote your using is very important.
--
Reg Domaratzki, Sybase iAnywhere Solutions
Sybase Certified Professional - Sybase ASA Developer Version 8
Please reply only to the newsgroup
iAnywhere Developer Community : http://www.ianywhere.com/developer
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
ASA Patches and EBFs : http://downloads.sybase.com/swx/sdmain.stm
-> Choose SQL Anywhere Studio
-> Set "Platform Preview" and "Time Frame" to ALL
<Tim> wrote in message news:42a8470b.2b37.1681692777@sybase.com...
> ASA 9.0.2.3044
>
> Hello all, I am stumped. I am working on getting the
> encryption working between a mobilink client (PocketPC) and
> a mobilink server. I am even trying to get the sample
> certificate to work... and am having trouble. Withouth
> encryption it works just fine. (I do have the certicom
> addon)
> The server monitor screen shows that the service is running
> with the encryption when I tell it to use the cert.
>
> I have read through tons of whitepapers and documents, and I
> cannot seem to get anywhere!
>
> Also, with verbose logging turned on, I see this error on
> the mobilink server when I try to connect using the
> encryption.
>
> Error: Unable to read from the 'certicom_ssl' network
> connection. Handshake error. The system-specific error code
> is -6996 (hex ffffe4ac).
>
> Hope I gave enough info, I am stumped and need to figure
> this out pretty soon! Like I said it does work without the
> encryption, but not when I try and use it.
>
> Server parameters: -c " dsn=timtest;uid=dba;
pwd=sql" -x
>
tcpip(security=ecc_t
ls(certificate=sampl
e. crt;certificate_pass
word=tJ1#m6+W)
)
>
> --when the server starts, it says: Data stream 1 is being
> encrypted using security technology from Certicom Corp.
>
> 1. On the PocketPC, where are the encryption options set at?
> Is it in a dsn file in the TCPIP{}? If so, what is the
> syntax?
>
> 2. If I was to generate my own with gencert - which options
> do I need to do? What gets given to the PocketPC?
| |
|
| Using an ASA 9.0.3044 database on the ppc as well.. sorry I
forgot to put that in there.
> On the PPC, are you using UltraLite or an ASA Database?
>
> PS : The good news is your half done. You've done
> everything right on the consolidated. :)
> PPS: I'll answer your 2nd question about generating your
> own certs as well, but knowing what type of remote your
> using is very important.
>
> --
> Reg Domaratzki, Sybase iAnywhere Solutions
> Sybase Certified Professional - Sybase ASA Developer
> Version 8 Please reply only to the newsgroup
>
> iAnywhere Developer Community :
> http://www.ianywhere.com/developer iAnywhere Documentation
> : http://www.ianywhere.com/developer/product_manuals ASA
> Patches and EBFs :
> http://downloads.sybase.com/swx/sdmain.stm
> -> Choose SQL Anywhere Studio
> -> Set "Platform Preview" and "Time Frame" to ALL
>
> <Tim> wrote in message
> 9.0.2.3044 >
> cert. >
> tcpip(security=ecc_t
ls(certificate=sampl
e.crt
> ;certificate_passwor
d=tJ1#m6+W) )
> Corp. >
> PocketPC?
>
>
| |
|
| Sorry, forgot to add that. We are using an ASA 9.0.2.3044
database ont he PPC as well.
> On the PPC, are you using UltraLite or an ASA Database?
>
> PS : The good news is your half done. You've done
> everything right on the consolidated. :)
> PPS: I'll answer your 2nd question about generating your
> own certs as well, but knowing what type of remote your
> using is very important.
>
> --
> Reg Domaratzki, Sybase iAnywhere Solutions
> Sybase Certified Professional - Sybase ASA Developer
> Version 8 Please reply only to the newsgroup
>
> iAnywhere Developer Community :
> http://www.ianywhere.com/developer iAnywhere Documentation
> : http://www.ianywhere.com/developer/product_manuals ASA
> Patches and EBFs :
> http://downloads.sybase.com/swx/sdmain.stm
> -> Choose SQL Anywhere Studio
> -> Set "Platform Preview" and "Time Frame" to ALL
>
> <Tim> wrote in message
> 9.0.2.3044 >
> cert. >
> tcpip(security=ecc_t
ls(certificate=sampl
e.crt
> ;certificate_passwor
d=tJ1#m6+W) )
> Corp. >
> PocketPC?
>
>
| |
| Reg Domaratzki \(iAnywhere Solutions\) 2005-06-09, 11:24 am |
| In that case, you define your encryption options in the ADDRESS clause of
the CREATE SYNCH USER/SUBSCRIPTION command. For example :
create publication p1 ( table t1 );
create synchronization user u1;
create synchronization subscription to p1 for u1
type TCPIP
address
'host=machine_name;s
ecurity=ecc_tls(trus
ted_certificates=sam
ple.crt)'
option sv='v1';
If you want to create your own certificates, the easiest thing to do is to
create a self-signed certificate. If you were to create a self-signed
certificate as follows :
[901][d:\bld\db.901] gencert -r
Certificate Generation Tool
Choose certificate type ((R)SA or (E)CC): E
Generating key pair...
Country: CA
State/Province: ON
Locality: Waterloo
Organization: iAnywhere
Organizational Unit: Badges
Common Name: WeDontNeedNoStinkinB
adges
Serial Number: 12345
Certificate valid for how many years: 10
Enter password to protect private key: sql
Enter file path to save certificate: self.crt
Enter file path to save private key: self_pri.crt
Enter file path to save server identity: serv.crt
Then you would start your MobiLink server as such :
dbmlsrv9 -x
tcpip& #123;security=ecc_tl
s& #123;certificate=ser
v. crt;certificate_pass
word=sql}} -zu+
-o mlsrv.txt -c "dsn=cons"
And your defintions on the remote would look like :
create publication p1 ( table t1 );
create synchronization user u1;
create synchronization subscription to p1 for u1
type TCPIP
address
'host=machine_name;s
ecurity=ecc_tls(trus
ted_certificates=sel
f.crt)'
option sv='v1';
The serv.crt and self_pri.crt certificates should be kept secure, and the
self.crt certificate is what you would distribute to end users.
--
Reg Domaratzki, Sybase iAnywhere Solutions
Sybase Certified Professional - Sybase ASA Developer Version 8
Please reply only to the newsgroup
iAnywhere Developer Community : http://www.ianywhere.com/developer
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
ASA Patches and EBFs : http://downloads.sybase.com/swx/sdmain.stm
-> Choose SQL Anywhere Studio
-> Set "Platform Preview" and "Time Frame" to ALL
<Tim> wrote in message news:42a85452.4a59.1681692777@sybase.com...[color=darkred]
> Sorry, forgot to add that. We are using an ASA 9.0.2.3044
> database ont he PPC as well.
>
| |
| Bob Piskac 2005-06-09, 11:24 am |
| Does the Pocket PC support from Sybase allow this information to be stored
in the FILEDSN?
"Reg Domaratzki (iAnywhere Solutions)" <FirstName.LastName@ianywhere.com>
wrote in message news:42a85b2b$1@foru
ms-1-dub...
> In that case, you define your encryption options in the ADDRESS clause of
> the CREATE SYNCH USER/SUBSCRIPTION command. For example :
>
> create publication p1 ( table t1 );
> create synchronization user u1;
> create synchronization subscription to p1 for u1
> type TCPIP
> address
> 'host=machine_name;s
ecurity=ecc_tls(trus
ted_certificates=sam
ple.crt)'
> option sv='v1';
>
> If you want to create your own certificates, the easiest thing to do is to
> create a self-signed certificate. If you were to create a self-signed
> certificate as follows :
>
| |
| Reg Domaratzki \(iAnywhere Solutions\) 2005-06-09, 1:23 pm |
| An ODBC DSN provides connection information for an application (in this case
dbmlsync) to connect to a database. It does NOT store information about the
method of communication between dbmlsync and the MobiLink server. This
information must be provided either by using the CREATE SYNCHRONIZATION USER
or CREATE SYNCHRONIZATION SUBSCRIPTION command, or it can be provided on the
dbmlsync command line.
There are other places were strong encryption can be used. The database
itself can be strongly encrypted, in which case a encryption key is need to
start the database. The communication stream between the database engine
and the application (which may go over a public network) can also be
strongly encrypted. These two pieces of information, which are needed to
connect to a database, can be specified in an ODBC DSN, but that's not what
you're asking about.
--
Reg Domaratzki, Sybase iAnywhere Solutions
Sybase Certified Professional - Sybase ASA Developer Version 8
Please reply only to the newsgroup
iAnywhere Developer Community : http://www.ianywhere.com/developer
iAnywhere Documentation : http://www.ianywhere.com/developer/product_manuals
ASA Patches and EBFs : http://downloads.sybase.com/swx/sdmain.stm
-> Choose SQL Anywhere Studio
-> Set "Platform Preview" and "Time Frame" to ALL
"Bob Piskac" <Bob@pbsoftware.com> wrote in message
news:42a87187@forums
-2-dub...
> Does the Pocket PC support from Sybase allow this information to be stored
> in the FILEDSN?
>
> "Reg Domaratzki (iAnywhere Solutions)" <FirstName.LastName@ianywhere.com>
> wrote in message news:42a85b2b$1@foru
ms-1-dub...
of[color=darkred]
to[color=darkred]
>
>
| |
| Bob Piskac 2005-06-09, 1:23 pm |
| Thank you, that was a very good answer.
| |
|
| Thanks!
> In that case, you define your encryption options in the
> ADDRESS clause of the CREATE SYNCH USER/SUBSCRIPTION
> command. For example :
>
> create publication p1 ( table t1 );
> create synchronization user u1;
> create synchronization subscription to p1 for u1
> type TCPIP
> address
> 'host=machine_name
> ;security=ecc_tls(tr
usted_certificates=s
ample.crt)'
> option sv='v1';
>
> If you want to create your own certificates, the easiest
> thing to do is to create a self-signed certificate. If
> you were to create a self-signed certificate as follows :
>
> [901][d:\bld\db.901] gencert -r
> Certificate Generation Tool
> Choose certificate type ((R)SA or (E)CC): E
> Generating key pair...
> Country: CA
> State/Province: ON
> Locality: Waterloo
> Organization: iAnywhere
> Organizational Unit: Badges
> Common Name: WeDontNeedNoStinkinB
adges
> Serial Number: 12345
> Certificate valid for how many years: 10
> Enter password to protect private key: sql
> Enter file path to save certificate: self.crt
> Enter file path to save private key: self_pri.crt
> Enter file path to save server identity: serv.crt
>
> Then you would start your MobiLink server as such :
>
> dbmlsrv9 -x
> tcpip& #123;security=ecc_tl
s& #123;certificate=ser
v.crt
> ;certificate_passwor
d=sql}} -zu+ -o mlsrv.txt -c
> "dsn=cons"
>
> And your defintions on the remote would look like :
>
> create publication p1 ( table t1 );
> create synchronization user u1;
> create synchronization subscription to p1 for u1
> type TCPIP
> address
> 'host=machine_name
> ;security=ecc_tls(tr
usted_certificates=s
elf.crt)'
> option sv='v1';
>
> The serv.crt and self_pri.crt certificates should be kept
> secure, and the self.crt certificate is what you would
> distribute to end users.
>
>
> --
> Reg Domaratzki, Sybase iAnywhere Solutions
> Sybase Certified Professional - Sybase ASA Developer
> Version 8 Please reply only to the newsgroup
>
> iAnywhere Developer Community :
> http://www.ianywhere.com/developer iAnywhere Documentation
> : http://www.ianywhere.com/developer/product_manuals ASA
> Patches and EBFs :
> http://downloads.sybase.com/swx/sdmain.stm
> -> Choose SQL Anywhere Studio
> -> Set "Platform Preview" and "Time Frame" to ALL
>
> <Tim> wrote in message
> database ont he PPC as well. >
>
>
|
|
|
|
|