cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Secured Sybase Web Service with outside certificate authority

Go to solution
Former Member

on ‎10-03-2014 10:42 PM

0 Kudos

Hello,

I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?

Thanks,

Sudarat.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

JasonHinsperger
Advisor
Advisor
‎10-08-2014 3:05 PM
0 Kudos

Sudarat,

       How you get a signed certificate is something that is defined/managed by the certificate authority and has nothing to do with SQL Anywhere.  Once you have the certificate, you can provide it to the database server and use it.

If I have misunderstood your question, can you please clarify?

--Jason

Show replies
Show replies
Former Member
‎10-09-2014 5:44 PM
0 Kudos

Hello Jason,


Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.

1. I use CreateCert.exe with /r parameter to create CSR and private key.

2. I sent CSR to a certificate authority and they send back a signed certificate.

3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.

Are the above steps what I have to do?  If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?

Thanks,

Sudarat.

Former Member
‎10-10-2014 3:54 PM
0 Kudos

Hi Sudarat,

the described steps are basically correct. Just one correction/clarification on step 3 ...

The identity file has to contain the whole certificate chain and the encrypted private key. See KBA 1890389.

Kind regards,

Dietrich

Former Member
‎10-10-2014 11:58 PM
0 Kudos

Hi Diestrich,

I could not click to the link of KBA 1890389. Could you help to verify?

Do you know how can I redistribute createcert.exe to my customers?

Thanks,

Sudarat.

jeff_albion
Employee
Employee
‎10-14-2014 9:45 PM
0 Kudos

Hello Sudarat,

The KBA link is correct - do you have an SAP Support Portal login?

--

You shouldn't ever need to distribute createcert.exe to customers.

createcert is used to generate the private key, and optionally sign it or create a signing request. In the case of a third-party Certificate Authority (CA), you create a signing request and have the CA sign it. You then use the private identity file returned to you by the CA (with the full CA chain) on the server-side, and use the public certificate of the CA with your clients. You can generally download the public certificate from the CA's website.

Regards,

Jeff Albion

SAP Active Global Support

reimer_pods
Participant
‎10-15-2014 8:45 AM
0 Kudos

Hi Jeff,

the link didn't work for me too, the browser reports that it can't find the server support.wdf.sap.corp. Maybe it's some kind of intranet thing, so it's working for you inside SAP, but not from the outside?

Regards

Reimer

Former Member
‎10-15-2014 9:16 AM
0 Kudos

Hi Sudarat and Reimer,

please excuse this incorrect URL. That "Quick Link" feature didn't work as expected.

The correct link should be: http://service.sap.com/sap/support/notes/1890389

In general, an easy way to look into a KBA, when the number is given, is using the Support Portal where you can search on keywords or the KBA number.

Kind regards,

Dietrich

Former Member
‎10-15-2014 10:53 PM
0 Kudos

Thanks all for more information.

Hi Jeff,

>> In the case of a third-party Certificate Authority (CA), you create a signing request

How do my customers create a signing request for Sybase Web Service (to send to third-party CA) if they do not use CreateCert? As for my test, I also need the private key combine with a signed CA from third-party. I have also tried to use the signed CA that I created a signing request from IIS and it won't work with Sybase Web Service.

Would it be possible to let me know steps by steps? I still have problem about my login ID to not be able to see KB in Support Portal which I have already contacted my local partner.

Thanks,

Sudarat.

Answers (0)

Ask a Question