Sample 1: Setting up the Client and Server Without Client Verification by the Server


This is the setup that most InterBase customers will use. In this setup, the server’s identity is provided by the server’s certificate and the client verifies that the server matches what the client wanted to connect to. The client also authenticates the server certificate based on a CA file located on the client.

Setting up the server

To set up the sample server for OTW, take the following steps:

  1. Create the ibserverCAfile.pem and the ibserver.pem files.
  2. Copy the ibserver.pem file to <install_directory>/secure/server/ibserver.pem.
  3. Create or copy the ibss_config in the <install_directory>/secure/server/ directory from the ibss_config default file.
  4. Set up and create the two dhparam files in the <install_directory>/secure/server directory, if you want unique ones for your location.
  5. Start the server, which should be set up for receiving SSL connections on port 3065 (default).
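
One way to carry out step 1 with OpenSSL, as an added example that is not part of the InterBase documentation or tooling: a private CA issues the server certificate, and ibserver.pem is assembled as certificate plus private key. The subject names, key size, lifetime, the ca.key file name, the two function names, and the choice to put the connect-URL host name in the certificate are assumptions.

```shell
#!/bin/sh
# Added example: OpenSSL commands for step 1. Subject names, key size,
# lifetime and the ca.key file name are assumptions, not InterBase requirements.

# make_otw_pems OUT_DIR HOST: writes ibserverCAfile.pem and ibserver.pem.
# The body is a subshell, so umask and temp files do not leak to the caller.
make_otw_pems() (
    out=$1 host=$2
    umask 077                      # private keys readable by the owner only
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT

    # Private CA. ibserverCAfile.pem is the only file handed to clients;
    # ca.key (hypothetical name) should be stored away from the server.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example OTW CA" \
        -keyout "$out/ca.key" -out "$out/ibserverCAfile.pem" 2>/dev/null || exit 1

    # Server key and signing request, named for the host clients connect to.
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$tmp/server.key" -out "$tmp/server.csr" 2>/dev/null || exit 1

    # The CA signs the request; the SAN repeats the host name.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$tmp/san.ext"
    openssl x509 -req -in "$tmp/server.csr" -sha256 -days 365 \
        -CA "$out/ibserverCAfile.pem" -CAkey "$out/ca.key" \
        -CAserial "$tmp/ca.srl" -CAcreateserial \
        -extfile "$tmp/san.ext" -out "$tmp/server.crt" 2>/dev/null || exit 1

    # ibserver.pem: certificate plus private key in one PEM file.
    cat "$tmp/server.crt" "$tmp/server.key" > "$out/ibserver.pem" || exit 1
)

# check_otw_pems DIR: succeeds only if ibserver.pem chains to the CA file
# and the private key in it belongs to the certificate in it.
check_otw_pems() {
    dir=$1
    openssl verify -CAfile "$dir/ibserverCAfile.pem" "$dir/ibserver.pem" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/ibserver.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/ibserver.pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}
```

Running check_otw_pems before step 2 catches a mismatched key or a certificate signed by a different CA before any client tries to connect.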

Setting up the client

To set up the sample client for OTW:

  1. Copy the ibserverCAfile.pem provided by the server DBA to the user’s home directory.
  2. Using isql, make a connection using the following as your URL. If your server and client are on the same machine, the hostname is "localhost".
isql> connect "localhost/3065?ssl=true??:c:/foo.ib";

You are now set up to use OTW. This example uses the default locations for all certificate and CA files. If you do not use the defaults and decide to change the location of the server files, you must change the IBSSL_SERVER_CERTFILE parameter in the ibss_config file to point to your PEM-formatted certificate (plus private key) file.

If you locate the CA file (on the client machine) in a directory other than your home directory, use the following command on connect:

isql> connect "localhost/3065?ssl=true?serverPublicFile=<your CA file location and name>??:c:/foo.ib";
