Security CLI/ODBC configuration keyword

Specifies whether the Secure Sockets Layer (SSL) protocol is used for a connection to the database server.

db2cli.ini keyword syntax:
Security = SSL
Default setting:
None.
Usage notes:
The Security keyword specifies whether TCP/IP with SSL is used for the connection to the database server. The Security keyword can be used only with the following communication protocols:
  • TCPIP
  • TCPIP4
  • TCPIP6
The Security keyword can be set in the [Data Source] section of the db2cli.ini file, or in a connection string.

When the Security keyword is set to SSL, you can specify the keystore database with the SSLClientKeystoredb keyword. The keystore database that is specified with the SSLClientKeystoredb keyword can be accessed by using either the password that is set with the SSLClientKeystoreDBPassword keyword or the stash file that is set with the SSLClientKeystash keyword.

If the SSLClientKeystoredb keyword is not set, the driver generates an in-memory keystore when the application calls one of the following functions.
  • SQLDriverConnect()
  • SQLConnect()
  • SQLBrowseConnect()
Subsequent calls to these functions in the same application process share the previously created in-memory keystore. The in-memory keystore is destroyed when the application closes.

The in-memory keystore is populated with the DigiCert Global Root CA certificate. Applications connecting to a database server using a certificate signed by the DigiCert Global Root CA only need to set SecurityTransportMode = SSL and do not need to set SSLServerCertificate, SSLClientKeystoredb, SSLClientKeystash, or SSLClientKeystoreDBPassword. The DigiCert Global Root CA is used for TLS connections to DashDB, SQLDB, and Db2 Warehouse on Cloud from version 11.0 and later.
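The following added example (not IBM code or tooling) audits the data source sections of a db2cli.ini file against the rules described above: whether Security is set to SSL, whether the protocol is one of the TCP/IP variants, and how the keystore database is opened. The finding codes, the sample file contents, and the audit rules themselves are assumptions made for this illustration.

```python
import configparser

TCP_PROTOCOLS = {"TCPIP", "TCPIP4", "TCPIP6"}

# Constructed sample db2cli.ini: DSN names, hosts, paths and password are made up.
SAMPLE_INI = """\
[SALESDB]
Protocol = TCPIP
Hostname = db.example.internal
Security = SSL
SSLClientKeystoredb = /opt/app/keys/client.kdb
SSLClientKeystash = /opt/app/keys/client.sth
[REPORTS]
Protocol = TCPIP
Hostname = reports.example.internal
[CLOUDDW]
Protocol = TCPIP6
Security = SSL
[LEGACY]
Protocol = TCPIP4
Security = SSL
SSLClientKeystoredb = /opt/app/keys/legacy.kdb
SSLClientKeystoreDBPassword = constructed-password
"""

def audit_db2cli(ini_text):
    """Return {data_source: [finding codes]}; the rules are this example's own."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ini_text)  # option names are lower-cased by configparser
    report = {}
    for dsn in cfg.sections():
        sec, found = cfg[dsn], []
        if sec.get("security", "").strip().upper() != "SSL":
            found.append("no-ssl")  # default is None: connection is not SSL
        else:
            proto = sec.get("protocol", "").strip().upper()
            if proto and proto not in TCP_PROTOCOLS:
                found.append("ssl-on-non-tcpip-protocol")
            if not sec.get("sslclientkeystoredb"):
                found.append("in-memory-keystore")  # no keystore database configured
            elif sec.get("sslclientkeystoredbpassword"):
                found.append("keystore-password-in-ini")  # stash file is the alternative
            elif not sec.get("sslclientkeystash"):
                found.append("keystore-without-password-or-stash")
        report[dsn] = found
    return report

if __name__ == "__main__":
    for dsn, found in audit_db2cli(SAMPLE_INI).items():
        print(dsn, found or "ok")
```

The check covers db2cli.ini only; a Security setting supplied in a connection string is not visible to it.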