ssl_svr_keydb - SSL key file path for incoming SSL connections at the server configuration parameter
This configuration parameter specifies the key file to be used for SSL setup at server-side.
- Configuration type
- Database manager
- Parameter type
- Configurable
- Default [range]
- Null [any valid path; GSK_MS_CERTIFICATE_STORE]
This parameter specifies a fully qualified file path of the key file. On Windows only, the keyword GSK_MS_CERTIFICATE_STORE can be specified to indicate use of Microsoft Windows Certificate Store.
The SSL key file can be a Certificate Management System (CMS) or PKCS12 type key database. The SSL key file stores personal certificates, personal certificate requests, and signer certificates. The key file is accessed during instance startup, and the server's personal certificate is sent to the client for server authentication during the SSL handshake.
By default, the value is NULL. During instance start up, you must ensure that the DB2COMM registry variable contains the string "SSL". Otherwise, the instance starts up without SSL protocol support.