Hello All, I was trying to setup a connection to a server using TLS encryption using SQLAnywhere 17 but I always get a "TLS handshake failure" - any toughts? Rootcreatecert.exe -b 2048 -x -ca 1 -co Root.crt -io Root.id -ko Root.pk -kp test -m 1 -sc PT -sst Test -sl Lisboa -so "Test" -sou Test -scn "Test" -u 1,2,3,4,5,6,7 -v 50 Servercreatecert.exe -b 2048 -c Root.crt -ck Root.pk -cp test -ca 0 -co Server.crt -io Server.id -ko Server.pk -kp test -m 1 -sc PT -sst Test -sl Lisboa -so "Test" -sou Test -scn "Test" -u 1,2,3,4,5,6,7 -v 50 Clientcreatecert.exe -b 2048 -c Root.crt -ck Root.pk -cp test -ca 0 -co Client.crt -io Client.id -ko Client.pk -kp test -m 1 -sc PT -sst Test -sl Lisboa -so "Test" -sou Test -scn "Test" -u 1,2,3,4,5,6,7 -v 50 Server Launchdbsrv17.exe -n SERVER -pc -ec tls(identity=server.id;identity_password=test;trusted_certificates=server.crt) -x tcpip "database.db" Client Launchdbisqlc.exe -c "ServerName=SERVER;Host=127.0.0.1;ENC=TLS(identity=client.id;identity_password=test;trusted_certificates=client.crt) Thanks in advance, Rui Cruz |
There are a few problems:
So your server command should be: dbsrv17.exe -n SERVER -pc -ec tls(identity=server.id;identity_password=test;trusted_certificates=Root.crt) -x tcpip "database.db" and your client command should be: dbisqlc.exe -c "ServerName=SERVER;Host=127.0.0.1;ENC=TLS(identity=client.id;identity_password=test;trusted_certificates=Root.crt;skip_certificate_name_check=1)" Thanks Graeme, the problem was the "skip_certificate_name_check" and the "common name" that was not the server name - all the other settings you suggested i already unsuccessfully tried and the example i've posted was only one of them. Thank your very much! Best regards, Rui Cruz
(31 May '19, 05:33)
rmgdc77
|