ssl_clnt_keydb - SSL key file path for outbound SSL connections at the client configuration parameter

This configuration parameter specifies the key file to be used for SSL connection at the client-side.

Configuration type
Database manager
Applies to
  • Database server with local and remote clients
  • Client
  • Database server with local clients
  • Partitioned database server with local and remote clients
Parameter type
Default [range]
Null [any valid path; GSK_MS_CERTIFICATE_STORE]

This parameter specifies a fully qualified file path of the key file. On Windows only, the keyword GSK_MS_CERTIFICATE_STORE can be specified which indicates to use Microsoft Windows Certificate Store.

The SSL key file can be a Certificate Management System (CMS) or PKCS12 type key database. It stores the signer certificate from the servers personal certificate. For a self-signed server personal certificate, the signer certificate is the public key. For a certificate authority signed server personal certificate, the signer certificate is the root CA certificate. The key file is accessed by the client to verify the servers personal certificate during the SSL handshake.

By default, the value is null. Depending on your application type, you should specify the client SSL key file path by the database manager configuration parameter ssl_clnt_keydb, the connection string ssl_clnt_keydb, or the db2cli.ini and db2dsdriver.cfg keyword SSLClientKeystoredb for a SSL connection request. If none of them is specified, the SSL connection fails.