HADR_SSL_LABEL - Label name in the key file for encrypted communication between HADR primary and standby instances configuration parameter
This configuration parameter specifies the label of the Transport Layer Security (TLS) certificate that encrypts communication between primary and standby HADR instances in the key database.
- Configuration type
- Database
- Parameter type
- Configurable online1
- Default [range]
- NULL [certificate-label-name]
Specifies the label for the TLS
certificate used to encrypt communication between primary and secondary HADR
instances:
db2 update database configuration for <database_name> using HADR_SSL_LABEL <label_name>
HADR_SSL_LABEL
accepts a label name of up to 127 characters Specifying the HADR_SSL_LABEL
parameter indicates that you would like TLS communication between primary and standby HADR
instances. If an existing certificate expires and you specify a new label, existing encrypted
connections will use the old certificate but any new connections created after will use the new
certificate.HADR_SSL_LABEL is currently supported on environments that do not use IBM® Db2® pureScale®. If you upgrade from Enterprise Server Edition (ESE) to Db2 pureScale while the HADR_SSL_LABEL is set, db2checkSD will return the error DBT5038N. Users should set the value to NULL before trying to upgrade to Db2 pureScale.
1 Changes to
this parameter do not affect any established HADR connections. The change takes effect for new
connections between primary and standby HADR servers after certain operations are run. For more
information, see Renewing or replacing the TLS certificate in an HADR configuration