Configuring hostname validation for connections to alternate servers
The alternateserverlist Data Server Driver configuration parameter specifies alternate servers that a Db2® client can use if the initial connection to the database fails.
As explained in the topic Configuration of Db2 automatic client reroute support for applications other than Java, these alternate servers are not used after the initial connection.
When connecting to one of the alternate servers from this parameter, hostname validation is
successful if the server certificate matches one of the following:
- The primary hostname that the client configured
- The hostname of this alternate server as specified in the alternateserverlist parameter
For example, if we have the following db2dsdriver.cfg file and the client
tries the alternate server abc.db2.example.com during the initial connection
because xyz.db2.example.com is down, the certificate returned by the server
must include either abc.db2.example.com or
xyz.db2.example.com for hostname validation to be
successful.
<configuration>
  <dsncollection>
    <dsn alias="test" name="testdb" host="xyz.db2.example.com" port="1234">
    </dsn>
  </dsncollection>
  <databases>
    <database name="testdb" host="xyz.db2.example.com" port="1234">
      <acr>
        <parameter name="enableAcr" value="true"/>
        <parameter name="maxAcrRetries" value="10"/>
        <parameter name="acrRetryInterval" value="5"/>
        <parameter name="enableAlternateServerListFirstConnect" value="true"/>
        <alternateserverlist>
          <server name="server1" hostname="abc.db2.example.com" port="1234"/>
        </alternateserverlist>
      </acr>
    </database>
  </databases>
</configuration>
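The rule above can be checked before rollout by comparing each alternate server's certificate names against the two names the client accepts. The following is an added example, not IBM or Db2 driver code: the function names and the `cert_names_by_host` input are hypothetical, and exact case-insensitive matching is an assumption (wildcard certificates are not modelled).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the db2dsdriver.cfg from this page, trimmed to the
# elements this check reads.
SAMPLE_CFG = """<configuration>
  <databases>
    <database name="testdb" host="xyz.db2.example.com" port="1234">
      <acr>
        <alternateserverlist>
          <server name="server1" hostname="abc.db2.example.com" port="1234"/>
        </alternateserverlist>
      </acr>
    </database>
  </databases>
</configuration>"""


def accepted_names(cfg_xml):
    """Map (database, alternate hostname) -> names the certificate may match."""
    root = ET.fromstring(cfg_xml)
    result = {}
    for db in root.iter("database"):
        primary = db.get("host", "").lower()
        for srv in db.iter("server"):
            alt = srv.get("hostname", "").lower()
            # Per the rule above: primary hostname OR this alternate's hostname.
            result[(db.get("name"), alt)] = {primary, alt}
    return result


def audit(cfg_xml, cert_names_by_host):
    """Return alternate servers whose certificate matches neither accepted name.

    cert_names_by_host (hypothetical input): alternate hostname -> DNS names
    in that server's certificate, gathered separately from the issued certs.
    Assumption: exact, case-insensitive comparison only.
    """
    failures = []
    for (db, alt), allowed in accepted_names(cfg_xml).items():
        presented = {n.lower() for n in cert_names_by_host.get(alt, [])}
        if not presented & allowed:
            failures.append((db, alt, sorted(allowed)))
    return failures
```

An empty result from `audit` means every listed alternate server presents at least one accepted name; a server with no entry in `cert_names_by_host` is reported as a failure.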