HADR_SSL_LABEL - Label name in the key file for encrypted communication between HADR primary and standby instances configuration parameter

This configuration parameter specifies the label of the Transport Layer Security (TLS) certificate that encrypts communication between primary and standby HADR instances in the key database.

Configuration type
Parameter type
Configurable online1
Default [range]
NULL [certificate-label-name]
Specifies the label for the TLS certificate used to encrypt communication between primary and secondary HADR instances:
db2 update database configuration for <database_name> using HADR_SSL_LABEL <label_name>
HADR_SSL_LABEL accepts a label name of up to 127 characters Specifying the HADR_SSL_LABEL parameter indicates that you would like TLS communication between primary and standby HADR instances. If an existing certificate expires and you specify a new label, existing encrypted connections will use the old certificate but any new connections created after will use the new certificate.

HADR_SSL_LABEL  is currently supported on environments that do not use IBM® Db2® pureScale®. If you upgrade from Enterprise Server Edition (ESE) to Db2 pureScale while the HADR_SSL_LABEL is set, db2checkSD will return the error DBT5038N. Users should set the value to NULL before trying to upgrade to Db2 pureScale.

1 Changes to this parameter do not affect any established HADR connections. The change takes effect for new connections between primary and standby HADR servers after certain operations are run. For more information, see Renewing or replacing the TLS certificate in an HADR configuration