DB2 10.5 for Linux, UNIX, and Windows

SSLServerCertificate IBM data server driver configuration keyword

Specifies the fully qualified name of a self-signed server certificate or a certificate authority (CA) certificate.

Equivalent CLI keyword

SSLServerCertificate

Equivalent IBM® data server provider for .NET connection string keyword

SSLServerCertificate

IBM data server driver configuration file (db2dsdriver.cfg) syntax

<parameter name="SSLServerCertificate" value="<fully_qualified_certificate_name>"/>

Default setting:

None

Usage notes:

The certificate that is specified for the SSLServerCertificate keyword is stored in the default keystore database unless you specified a keystore database using the SSLClientKeystoredb keyword with the SSLClientKeystoreDBPassword or SSLClientKeyStash keyword.

The certificate can be either self-signed certificate from a server or signed by a trusted certificate authority.

The SSLServerCertificate keyword can be set when all the following conditions are met:

The SSL value is specified for one of the following keywords or a parameter:
- The Security CLI keyword. The Security CLI keyword applies only to CLI applications.
- The SecurityTransportMode IBM data server driver configuration keyword.
The DB2® server is using a self-signed certificate or a CA certificate, which is not present in the existing keystore database.
The DB2 client product that is installed is the DB2 Version 10.5 Fix Pack 5 or later fix pack releases.

<fully_qualified_certificate_name>: A fully qualified path of the certificate file and the certificate file name. Only one fully qualified certificate name can be specified. The fully qualified certificate name must be unique and it cannot already exist in the keystore database. You cannot specify any wildcard characters or symbols that are specific to an operating system in the SSLServerCertificate keyword value.

The CLI driver and the IBM Data Server Provider for .NET use the unique certificate label to add the certificate that is specified with the SSLServerCertificate keyword to the keystore database. The unique certificate label consists of full path and the certificate file name.

If you set the SSLServerCertificate keyword in the <parameters> section of the IBM data server driver configuration file, all CLI connections are attempted using that one certificate.

The SSLServerCertificate keyword is not required if the certificate that is required to establish an SSL connection is already stored in the keystore database.