Specifies the fully
qualified name of a self-signed server certificate or a certificate
authority (CA) certificate.
- Equivalent CLI keyword
- SSLServerCertificate
- Equivalent IBM® data server
provider for .NET connection string keyword
- SSLServerCertificate
- IBM data server driver configuration
file (db2dsdriver.cfg) syntax
- <parameter name="SSLServerCertificate" value="<fully_qualified_certificate_name>"/>
- Default setting:
- None
- Usage notes:
- The certificate that is specified for the SSLServerCertificate keyword
is stored in the default keystore database unless you specified a
keystore database using the SSLClientKeystoredb keyword
with the SSLClientKeystoreDBPassword or SSLClientKeyStash keyword.
The
certificate can be either self-signed certificate from a server or
signed by a trusted certificate authority.
The
SSLServerCertificate keyword
can be set when all the following conditions are met:
- The SSL value is specified for one of the following
keywords or a parameter:
- The Security CLI keyword.
The Security CLI keyword
applies only to CLI applications.
- The SecurityTransportMode IBM data server driver configuration keyword.
- The DB2® server
is using a self-signed certificate or a CA certificate, which is not
present in the existing keystore database.
- The DB2 client
product that is installed is the DB2 Version
10.5 Fix Pack 5 or
later fix pack releases.
- <fully_qualified_certificate_name>
- A fully qualified path of the certificate file and the certificate
file name. Only one fully qualified certificate name can be specified.
The fully qualified certificate name must be unique and it cannot already
exist in the keystore database. You cannot specify any wildcard characters
or symbols that are specific to an operating system in the SSLServerCertificate keyword
value.
The CLI driver
and the IBM Data Server Provider for .NET use
the unique certificate label to add the certificate that is specified
with the SSLServerCertificate keyword to the
keystore database. The unique certificate label consists of full path
and the certificate file name.If you set the SSLServerCertificate keyword
in the <parameters> section of the IBM data server driver configuration file, all CLI connections
are attempted using that one certificate.
The SSLServerCertificate keyword
is not required if the certificate that is required to establish an
SSL connection is already stored in the keystore database.