SSLServerCertificate IBM data server driver configuration keyword
Specifies the fully qualified name of a self-signed server certificate or a certificate authority (CA) certificate.
- Equivalent CLI keyword
- SSLServerCertificate
- Equivalent IBM® data server provider for .NET connection string keyword
- SSLServerCertificate
- IBM data server driver configuration file (db2dsdriver.cfg) syntax
<parameter name="SSLServerCertificate" value="<fully_qualified_certificate_name>"/>
- Default setting:
- None
- Usage notes:
- For the CLI driver and the IBM Data Server Provider for .NET, the certificate that is specified for the SSLServerCertificate keyword is stored in the default keystore database unless you specified a keystore database using the SSLClientKeystoredb keyword with the SSLClientKeystoreDBPassword or SSLClientKeyStash keyword.
The certificate can be either a self-signed certificate from a server or a certificate signed by a trusted certificate authority.
Starting in Db2® V11.1 MP4 FP5, the keyword will be accepted even when binary encoded certificates, such as .crt files, are specified.
The SSLServerCertificate keyword can be set for use with the CLI driver or the IBM Data Server Provider for .NET when all the following conditions are met:
- The SSL value is specified for one of the following keywords or a parameter:
  - The Security CLI keyword. The Security CLI keyword applies only to CLI applications.
  - The SecurityTransportMode IBM data server driver configuration keyword.
- The data server uses a self-signed certificate or a CA certificate, which is not present in the existing keystore database.
- The client product that is installed is compatible with Fix Pack 5 or later fix pack releases.
For the CLPPlus interface, the certificate that is specified for the SSLServerCertificate keyword is managed by the Java™ APIs and the keystore database is not used. The SSLServerCertificate keyword can be set for use with the CLPPlus interface when the following conditions are met:
- The SecurityTransportMode keyword is set to SSL.
- The data server uses a self-signed certificate.
- The client product that is installed is compatible with Fix Pack 7 or later fix pack releases.
- <fully_qualified_certificate_name>
- A fully qualified path of the certificate file and the certificate file name. Only one fully qualified certificate name can be specified. The fully qualified certificate name must be unique and it cannot already exist in the keystore database. You cannot specify any wildcard characters or symbols that are specific to an operating system in the SSLServerCertificate keyword value.
If you set the SSLServerCertificate keyword in the <parameters> section of the IBM data server driver configuration file, all CLI connections are attempted using that one certificate.
The SSLServerCertificate keyword is not required if the certificate that is required to establish an SSL connection is already stored in the keystore database.
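The following checker is an added example, not IBM code: it lints a db2dsdriver.cfg against the conditions described above (fully qualified path, no wildcards, SecurityTransportMode set to SSL, global-scope use). The sample file, its aliases, hosts and certificate paths are constructed; the Security CLI keyword, which is set outside this file, is not checked.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample db2dsdriver.cfg: aliases, hosts and paths are made up.
SAMPLE_CFG = """<configuration>
 <dsncollection>
  <dsn alias="GOOD" name="SALES" host="db1.example.com" port="50001">
   <parameter name="SecurityTransportMode" value="SSL"/>
   <parameter name="SSLServerCertificate" value="/opt/certs/db1_ca.arm"/>
  </dsn>
  <dsn alias="NOSSL" name="HR" host="db2.example.com" port="50000">
   <parameter name="SSLServerCertificate" value="C:\\certs\\db2_ca.arm"/>
  </dsn>
  <dsn alias="BADPATH" name="OPS" host="db3.example.com" port="50001">
   <parameter name="SecurityTransportMode" value="SSL"/>
   <parameter name="SSLServerCertificate" value="certs/*.arm"/>
  </dsn>
 </dsncollection>
</configuration>"""

def params(elem):
    """Lower-cased name -> value for an element's direct <parameter> children."""
    found = elem.findall("parameter") if elem is not None else []
    return {p.get("name", "").lower(): p.get("value", "") for p in found}

def lint(cfg_text):
    """Return {scope: [findings]} for every scope that sets SSLServerCertificate."""
    root = ET.fromstring(cfg_text)
    global_params = params(root.find("parameters"))
    scopes = [("<parameters>", global_params)]
    scopes += [(e.get("alias") or e.get("name"), params(e))
               for e in root.iter() if e.tag in ("dsn", "database")]
    report = {}
    for scope, own in scopes:
        cert = own.get("sslservercertificate")
        if cert is None:
            continue
        findings = []
        if not (PurePosixPath(cert).is_absolute() or PureWindowsPath(cert).is_absolute()):
            findings.append("not a fully qualified path")
        # '*' and '?' are wildcards; flagging '~', '$', '%' is this checker's assumption.
        if any(ch in cert for ch in "*?~$%"):
            findings.append("wildcard or OS-specific symbol")
        if {**global_params, **own}.get("securitytransportmode", "").upper() != "SSL":
            findings.append("SecurityTransportMode is not SSL")
        if scope == "<parameters>":
            findings.append("global: all CLI connections use this one certificate")
        report[scope] = findings
    return report
```

An empty findings list means the entry meets the conditions this checker covers; it does not verify that the certificate file exists or is absent from the keystore database.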