on 2014 Jun 20 10:14 AM
We've received a wild-card certificate for our domain, say .aaa.bbb.cc from our service provider.
(This file is in a .pfx format).
When I try to start my database using HTTPS:
-x TCPIP -xs https(identity="C:\\xxxx\\yyyy.pfx";identity_password="zzzz";port=443), Sybase fails to start with the message 'Unable to open certificate file "C:\\xxxx\\yyyy.pfx"'
Any advice? Am I supposed to do something with the original certificate before it can be used in this context?
You need to convert your certificate from PFX format to PEM format.
To do this you can use the openssl tools. E.g. see here for a description.
HTH
Just another point: I've run the converted ____.pem through a validation routine at http://www.sslshopper.com/certificate-decoder.html and everything came back fine. Which means it eliminates the points in the help documents here: http://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.12.0.0/saerrors/mlcom...
I repro'ed your issue using the command line that you have given ... and your problem is that you need to remove the quotes (the server is including the quote characters as part of the name to the file and as part of the password) - the quotes are not needed since the fields are semicolon delimited. Example, try using:
dbsrv12 "PW12.db" -x TCPIP -xs https(identity=C:\\Certs___.pem;identity_password=___)
Correct, I have confirmed that if you quote the entire -xs options string then v12 will start up. Example:
dbsrv12 -n foo -xs "https(identity=myid.pem;identity_password=@secret)"
Thanks guys. I'm convinced the problem lies in my password. It contains & and @ as characters. Say the password is @aaa&123
When I try to test the certificate with Sybase's viewcert utility:
viewcert -ip @aaa&123 accsys.pem, the response is '123' is not recognized as an internal or external command,operable program or batch file. - Which means the '&' is messing things up.
viewcert -ip "@aaa&123" accsys.pem, the response is Can't open file aaa&123 - Which means it's throwing away the '@' in the beginning.
'&' is a special character for many Windows and Unix shells so I would highly recommend that you never use it in passwords nor user names or file names, etc. (also included in this list of non-recommended characters - and this is just my opinion, not an 'official' SQLA recommendation - would be semicolons ';', commas ',', dollar signs '$', percent '%', and leading '@' characters. Using these characters just leads you into troubles like the one that you are having).
'@' at the beginning of a field is a special character for SQL Anywhere - it tells SQLA that the following string (e.g. @abc) is a name of a file that contains command line options. See http://dcx.sybase.com/index.html#sa160/en/dbadmin/dbutilities-s-5613446.html for more info.
A solution for you is to put your command line options (for viewcert or dbsrv12 or any other SQLA command) into a file (e.g. 'viewcert_opts.txt') and then run your command using
viewcert @viewcert_opts.txt accsys.pem. The contents of this file, in your case, would be:
-p @aaa&123
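The options-file approach from the last answer, as an added example that is not part of the original thread: it flags the characters that answer lists, writes the one-line options file, and builds an argument list that never passes through a shell. The function names are hypothetical, the `-p` option and file name are copied from the answer, and the tool itself is not invoked.

```python
import os
import tempfile

# Characters the answer above advises against (its opinion, not an official list).
RISKY_ANYWHERE = set("&;,$%")


def risky_chars(value):
    """Return the listed characters present in value, in order of first use."""
    found = []
    for i, ch in enumerate(value):
        risky = ch in RISKY_ANYWHERE or (i == 0 and ch == "@")
        if risky and ch not in found:
            found.append(ch)
    return found


def write_options_file(directory, option, secret, name="viewcert_opts.txt"):
    """Write '<option> <secret>' on one line, the file layout shown in the answer."""
    if "\n" in secret or "\r" in secret:
        raise ValueError("secret must fit on a single line")
    path = os.path.join(directory, name)
    # O_EXCL refuses to reuse an existing file; 0o600 limits access on POSIX.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{option} {secret}\n")
    return path


def build_argv(tool, options_path, cert):
    """Argument list for subprocess.run(argv): no shell is involved, so '&'
    is never parsed by cmd.exe and the secret is not on the command line."""
    return [tool, "@" + options_path, cert]


if __name__ == "__main__":
    secret = "@aaa&123"  # sample password from the thread
    print("flagged characters:", risky_chars(secret))
    workdir = tempfile.mkdtemp()
    opts = write_options_file(workdir, "-p", secret)  # option as in the answer
    print(build_argv("viewcert", opts, "accsys.pem"))
    os.remove(opts)  # do not leave the secret on disk after use
```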