SSL Configuration - SAP RS (Sybase RS)

How to set up self-signed SSL with SAP RS

On the server-side:
  1. Create an ASE certificate.
  2. Enable SSL in ASE (if required).
  3. Edit the interfaces/sql.ini file - add SSL definition.
  4. Enable SSL in RS.
  5. Restart RS.
A detailed description of the process to activate SSL for ASE

On the server-side:

If required: Installing OpenSSL on the machine.

1. Create an ASE certificate

Skip this step if it has already been done for your server.
The certificates created for the ASE on this server can also be used by the RS on the same server.

8. Create/copy the crt file in the RS certificates folder
cd /sybvol01/sap16/OCS-16_0/bin/
cat ASAZRLNSAP16.public ASAZRLNSAP16.key > /sybvol01/sap16rs/REP-16_0/certificates/ASAZRLNSAP16.crt

File created: /sybvol01/sap16rs/REP-16_0/certificates/ASAZRLNSAP16.crt

9. Create the client certificate

9.a Create ASAZRLNSAP16.txt in the RS certificates folder
cp root.crt /sybvol01/sap16rs/REP-16_0/certificates/ASAZRLNSAP16.txt

9.b Append the certificate's content to the existing trusted.txt in the RS config folder (.../sap16rs/config/trusted.txt)

9.c Copy the remaining files to the RS certificates folder:
cp ASAZRLNSAP16.csr /sybvol01/sap16rs/REP-16_0/certificates/ASAZRLNSAP16.csr
cp ASAZRLNSAP16.key /sybvol01/sap16rs/REP-16_0/certificates/ASAZRLNSAP16.key
cp ASAZRLNSAP16.public /sybvol01/sap16rs/REP-16_0/certificates/ASAZRLNSAP16.public
cp root.crt /sybvol01/sap16rs/REP-16_0/certificates/root.crt
cp root.csr /sybvol01/sap16rs/REP-16_0/certificates/root.csr
cp root.key /sybvol01/sap16rs/REP-16_0/certificates/root.key
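
The .crt built in step 8 and the .key files copied in step 9.c contain private keys, so their permissions matter. The following added example (not part of the original post; function names and file contents are constructed) checks that a .crt holds both PEM parts and lists key-bearing files that group or other can read or write.

```shell
#!/bin/sh
# Added example, not from the original post. File contents below are
# constructed placeholders, not real keys or certificates.

# crt_is_complete FILE: succeeds only if FILE holds both PEM parts that
# step 8 concatenates (the certificate and its private key).
crt_is_complete() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# exposed_keys DIR: prints every file under DIR that contains a private key
# and grants read or write access to group or other.
exposed_keys() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
        -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + | sort
}

# make_demo_dir: builds a throwaway folder shaped like the RS certificates
# folder after steps 8 and 9.c and prints its path.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    cert='-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n'
    key='-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n'
    printf '%b' "$cert$key" > "$d/ASAZRLNSAP16.crt"
    printf '%b' "$key"      > "$d/ASAZRLNSAP16.key"
    printf '%b' "$key"      > "$d/root.key"
    printf '%b' "$cert"     > "$d/root.crt"
    chmod 600 "$d/ASAZRLNSAP16.crt" "$d/ASAZRLNSAP16.key"
    chmod 644 "$d/root.key" "$d/root.crt"     # the default-umask case
    echo "$d"
}

demo=$(make_demo_dir)
crt_is_complete "$demo/ASAZRLNSAP16.crt" && echo "crt has certificate and key"
exposed_keys "$demo"        # lists only root.key
rm -rf "$demo"
```

Run `exposed_keys` against the real certificates folder after step 9.c; an empty result means no key file is open to group or other.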


2. Enable SSL in ASE  (if required)

10. Enable SSL in ASE
→ Skip this if it was already done for the ASE (step 10).
sp_configure "enable ssl", 1

11. Add the SSL certificate to ASE (already done for ASE, step 11)


3. Edit the interfaces/sql.ini file - add SSL definition

12. Edit the interfaces/sql.ini file to create an SSL port:
ASAZRLNSAP16
    master tcp ether ASAZRLNSAP16 5000 ssl="CN=ASAZRLNSAP16"
    query tcp ether ASAZRLNSAP16 5000 ssl="CN=ASAZRLNSAP16"
 
RSFOG2 
   master tcp ether ASAZRLNSAP16 11753 ssl="CN=ASAZRLNSAP16"
   query tcp ether ASAZRLNSAP16 11753 ssl="CN=ASAZRLNSAP16"
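
A check for step 12, as an added example that is not part of the original post: it reads a UNIX-format interfaces file and reports every master/query line that has no ssl="CN=..." filter or whose CN differs from the certificate's common name. The function names and the RSDEMO entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Handles the UNIX interfaces
# layout shown in step 12 (not the Windows sql.ini layout) and assumes the
# CN contains no spaces.

# audit_interfaces FILE EXPECTED_CN
# Prints "server:service:problem" for every master/query line that lacks an
# ssl="CN=..." filter or names a CN other than EXPECTED_CN.
audit_interfaces() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[^ \t]/ { server = $1; next }          # entry name starts in column 1
        $1 == "master" || $1 == "query" {
            cn = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ssl="CN=[^"]*"$/) {
                    cn = $i
                    sub(/^ssl="CN=/, "", cn)
                    sub(/"$/, "", cn)
                }
            if (cn == "")        print server ":" $1 ":no-ssl-filter"
            else if (cn != want) print server ":" $1 ":cn-mismatch(" cn ")"
        }
    ' "$1"
}

# sample_interfaces: the two entries from step 12 plus RSDEMO, a constructed
# entry with one wrong CN and one line left without the filter.
sample_interfaces() {
    cat <<'EOF'
ASAZRLNSAP16
    master tcp ether ASAZRLNSAP16 5000 ssl="CN=ASAZRLNSAP16"
    query tcp ether ASAZRLNSAP16 5000 ssl="CN=ASAZRLNSAP16"

RSFOG2
   master tcp ether ASAZRLNSAP16 11753 ssl="CN=ASAZRLNSAP16"
   query tcp ether ASAZRLNSAP16 11753 ssl="CN=ASAZRLNSAP16"

RSDEMO
   master tcp ether ASAZRLNSAP16 11999 ssl="CN=OTHERHOST"
   query tcp ether ASAZRLNSAP16 11999
EOF
}

tmp=$(mktemp)
sample_interfaces > "$tmp"
audit_interfaces "$tmp" ASAZRLNSAP16
rm -f "$tmp"
```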



4. Enable SSL in RS

13. Grant execute permissions for sp_serverinfo (CR# 814027)
use sybsystemprocs
go
grant execute on sp_serverinfo to public
go


14. Enable SSL on RS
1> configure replication server set use_ssl to 'on'
2> go
Config parameter 'use_ssl' is modified. This change will not take effect until the Replication Server is restarted.



5. Restart and do checks

15. Restart RS
Stop RS:
1> shutdown
2> go

Start RS:
cd /sybvol01/sap16rs/REP-16_0/install/
startserver -f RUN_RSFOG2

  • Windows: stop and start the service in Services.

16. Check that SSL is enabled:

1> use RSFOG2_RSSD
2> go
1> select * from rs_config where optionname like "%ssl%"
2> go
 optionname   objid              charvalue status comments
 ------------ ------------------ --------- ------ -------------------------------------------------------
 ssl_protocol 0x0000000000000000 TLSv1     0      Indicated the SSL protocol value of Replication Server.
 use_ssl      0x0000000000000000 on

Expected result:
1. ssl_protocol is not null
2. use_ssl is on

1> select @@ssl_ciphersuite
2> go
 ------------------------------
 TLS_RSA_WITH_AES_256_CBC_SHA
