SecurityTransportMode IBM data server driver configuration keyword

Sets the communication security type.

Equivalent CLI keyword
Security
Equivalent IBM® data server provider for .NET connection string keyword
Security
IBM data server driver configuration file (db2dsdriver.cfg) syntax
<parameter name="SecurityTransportMode" value="SSL"/>
Default setting:
There is no default setting.
Usage notes:
The SecurityTransportMode keyword specifies whether the TCP/IP with SSL protocols are used in connection to the database server. The default value is an empty string.

When the SecurityTransportMode keyword is set to SSL, you can specify the keystore database with the SSLClientKeystoredb keyword. The keystore database that is specified with the SSLClientKeystoredb keyword can be access using either the password that is set with the SSLClientKeystoreDBPassword keyword or the stash file that is set with the SSLClientKeystash keyword.

If the SSLClientKeystoredb keyword is not set, the driver generates an in-memory keystore when the application calls one of the following functions:
  • SQLDriverConnect()
  • SQLConnect()
  • SQLBrowseConnect()
Subsequent calls to these functions in the same application process share the previously created in-memory keystore. The in-memory keystore is destroyed when the application closes.

The in-memory keystore is populated with the following certificates. Applications connecting to a database server using a certificate signed by the DigiCert Global Root CA on ward only need to set SecurityTransportMode = SSL and do not need to set SSLServerCertificate, SSLClientKeystoredb, SSLClientKeystash, or SSLClientKeystoredbpassword.

Db2 11.5.6 and earlier
  • DigiCert Global Root CA
Db2 11.5.7 and Db2 11.5.8
  • Lets Encrypt Authority R3
  • ISRG Root CA X1
  • DigiCert Global Root CA
Db2 11.5.7 CSB and 11.5.8 CSB with KI DT223175, Db2 11.5.9
  • Lets Encrypt Authority R3
  • ISRG Root CA X1
  • DigiCert SHA2 Secure Server CA
  • DigiCert Global Root CA

The DigiCert Global Root CA is used for TLS connections to DashDB, SQLDB, and Db2 Warehouse SaaS from version 11.0 and later.