A database server certificate contains one or more digital signatures used to maintain data integrity and protect against tampering. Following are the steps used to create a digital signature:
A digital signature can be self-signed or signed by an enterprise root certificate or Certificate Authority.
When a client application contacts a database server, and each is configured to use transport-layer security, the server sends the client a copy of its certificate. The client decrypts the certificate's digital signature using the server's public key included in the certificate, calculates a new hash of the certificate, and compares the two values. If the values match, this confirms the integrity of the server's certificate.
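The check described above, as an added Python example that is not part of the SQL Anywhere documentation. It assumes a constructed toy RSA key (textbook RSA without padding) and a constructed certificate body, and all function names are hypothetical. The verifier takes the signer's public key as a parameter, which for a self-signed certificate is the key carried in the certificate itself.

```python
import hashlib

# Constructed toy key: textbook RSA from two Mersenne primes, no padding.
# Illustration only; real certificates use properly generated keys and padded signatures.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # signer's public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # signer's private exponent

# Constructed certificate body (real certificates are DER-encoded X.509).
CERT_BODY = b"subject=CN=db.example.test;issuer=CN=db.example.test;valid-to=2030-01-01"


def cert_hash(body: bytes) -> int:
    """SHA-256 of the certificate body, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def sign_cert(body: bytes) -> int:
    """Signer side: hash the body, then transform the hash with the private key."""
    return pow(cert_hash(body), D, N)


def verify_cert(body: bytes, signature: int, public_key=(N, E)) -> bool:
    """Client side: recover the signed hash with the public key, rehash, compare."""
    n, e = public_key
    if not 0 < signature < n:
        return False                     # malformed signature value
    return pow(signature, e, n) == cert_hash(body)


SIGNATURE = sign_cert(CERT_BODY)

if __name__ == "__main__":
    tampered = CERT_BODY.replace(b"2030-01-01", b"2040-01-01")
    other_key = ((2**1279 - 1) * (2**2203 - 1), E)  # constructed unrelated public key
    print("untouched certificate:", verify_cert(CERT_BODY, SIGNATURE))
    print("modified certificate: ", verify_cert(tampered, SIGNATURE))
    print("modified signature:   ", verify_cert(CERT_BODY, SIGNATURE ^ 1))
    print("wrong public key:     ", verify_cert(CERT_BODY, SIGNATURE, other_key))
```

Only the untouched certificate verifies; changing the body, the signature, or the key used for verification makes the two hash values differ.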
If you are using FIPS-approved RSA encryption, you must generate your certificates using RSA.
For more information about self-signed certificates, see Self-signed root certificates.
For more information about enterprise root certificates and Certificate Authorities, see Certificate chains.
Copyright © 2008, iAnywhere Solutions, Inc. - SQL Anywhere 11.0.0