on 10-03-2014 10:42 PM
Hello,
I would like to use Secured Sybase Web Service with outside certificate authority, like Symantec. Could you let me know how I can create CSR for sending to Symantec? What other steps do I need to do?
Thanks,
Sudarat.
Sudarat,
How you get a signed certificate is something that is defined/managed by the certificate authority and has nothing to do with SQL Anywhere. Once you have the certificate, you can provide it to the database server and use it.
If I have misunderstood your question, can you please clarify?
--Jason
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jason,
Thanks for your reply. The certificate authority require the CSR file before issue a signed certificate. If this is a signed certificate for IIS web server, I can create CSR from IIS. But I cannot use a signed certificate created from CSR of IIS with Sybase Web Service. The below steps are what I have tried.
1. I use CreateCert.exe with /r parameter to create CSR and private key.
2. I sent CSR to a certificate authority and they send back a signed certificate.
3. I have to combine a signed certificate from #2 with private key created from #1. Then use that file to specify with -xs{https …when starting the service.
Are the above steps what I have to do? If so, do I need to redistribute createcert.exe to my customers who want to use my application and how? Why I cannot use the signed certificate created from CSR of IIS?
Thanks,
Sudarat.
Hi Sudarat,
the described steps are basically correct. Just one correction/clarification on step 3 ...
The identity file has to contain the whole certificate chain and the encrypted private key. See KBA 1890389.
Kind regards,
Dietrich
Hello Sudarat,
The KBA link is correct - do you have an SAP Support Portal login?
--
You shouldn't ever need to distribute createcert.exe to customers.
createcert is used to generate the private key, and optionally sign it or create a signing request. In the case of a third-party Certificate Authority (CA), you create a signing request and have the CA sign it. You then use the private identity file returned to you by the CA (with the full CA chain) on the server-side, and use the public certificate of the CA with your clients. You can generally download the public certificate from the CA's website.
Regards,
Jeff Albion
SAP Active Global Support
Hi Sudarat and Reimer,
please excuse this incorrect URL. That "Quick Link" feature didn't work as expected.
The correct link should be: http://service.sap.com/sap/support/notes/1890389
In general, an easy way to look into a KBA, when the number is given, is using the Support Portal where you can search on keywords or the KBA number.
Kind regards,
Dietrich
Thanks all for more information.
Hi Jeff,
>> In the case of a third-party Certificate Authority (CA), you create a signing request
How do my customers create a signing request for Sybase Web Service (to send to third-party CA) if they do not use CreateCert? As for my test, I also need the private key combine with a signed CA from third-party. I have also tried to use the signed CA that I created a signing request from IIS and it won't work with Sybase Web Service.
Would it be possible to let me know steps by steps? I still have problem about my login ID to not be able to see KB in Support Portal which I have already contacted my local partner.
Thanks,
Sudarat.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.