DB2 10.5 for Linux, UNIX, and Windows

Security CLI/ODBC configuration keyword

Specifies whether the Secure Socket Layer (SSL) protocol is used for a connection to the database server.

db2cli.ini keyword syntax:
Security = SSL
Default setting:
None.
Usage notes:
The Security keyword specifies whether TCP/IP with SSL is used for the connection to the database server. The Security keyword can be used only with the following communication protocols:
  • TCPIP
  • TCPIP4
  • TCPIP6
The Security keyword can be set in the [Data Source] section of the db2cli.ini file, or in a connection string.

When the Security keyword is set to SSL, you can specify the keystore database with the SSLClientKeystoredb keyword. The keystore database that is specified with the SSLClientKeystoredb keyword can be accessed using either the password that is set with the SSLClientKeystoreDBPassword keyword or the stash file that is set with the SSLClientKeystash keyword.

If you have not set the SSLClientKeystoredb keyword with the SSLClientKeystoreDBPassword or SSLClientKeystash keyword, the CLI driver internally generates a unique default keystore database name and a corresponding keystore database password when the application allocates the first environment handle. The unique default keystore database name is based on the process ID of the application and has the format client_<PID>.kdb. The keystore database is not created when the first environment handle is allocated; only the unique default keystore database name is generated.

If you set the Security CLI keyword to SSL, the default keystore database is created for each application process ID in the cfg subpath when the following functions are called:
  • SQLDriverConnect()
  • SQLConnect()
  • SQLBrowseConnect()

For the IBM® Data Server Client, IBM Data Server Runtime Client, and IBM database server products, the default keystore database is located in the <instance_path>/cfg/ directory.

For the IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI products, the default keystore database is located in the <install_path>/cfg/ directory.

The default keystore database is removed once the application process ID no longer exists on the system. If an abnormal termination of the application process occurs, you must delete the default keystore database to prevent unnecessary disk usage.
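One way to find the leftover default keystores described above, as an added example that is not part of the IBM documentation: it matches the client_<PID>.kdb name format and reports files whose process ID no longer exists. It assumes a POSIX system; the function names and the cfg directory argument are illustrative.

```python
import os
import re
import sys
from pathlib import Path

# File name format given on this page: client_<PID>.kdb
KDB_NAME = re.compile(r"^client_(\d+)\.kdb$")


def pid_exists(pid):
    """POSIX-only liveness check: signal 0 tests for existence, nothing is delivered."""
    if pid <= 0:  # 0 and negative values address process groups, not one process
        return False
    try:
        os.kill(pid, 0)
    except (ProcessLookupError, OverflowError):
        return False
    except PermissionError:
        return True  # the process exists but belongs to another user
    return True


def find_stale_keystores(cfg_dir):
    """Return default keystore files in cfg_dir whose owning PID is gone."""
    stale = []
    for entry in sorted(Path(cfg_dir).iterdir()):
        match = KDB_NAME.match(entry.name)
        if match and entry.is_file() and not pid_exists(int(match.group(1))):
            stale.append(entry)
    return stale


def remove_stale_keystores(cfg_dir, dry_run=True):
    """List stale keystores; delete them only when dry_run is False."""
    stale = find_stale_keystores(cfg_dir)
    if not dry_run:
        for path in stale:
            path.unlink()
    return stale


if __name__ == "__main__":
    # Usage: python cleanup_kdb.py <instance_path>/cfg   (report only)
    for path in remove_stale_keystores(sys.argv[1], dry_run=True):
        print("stale default keystore:", path)
```

If a process ID has been reused by an unrelated process, the file is treated as live and kept, so the check errs on the side of not deleting.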

In DB2® Version 10.5 Fix Pack 5 and later fix packs, you do not have to obtain the IBM Global Security Kit (GSKit) product separately to establish SSL connections to a DB2 database server. However, for certificate-based authentication, you must still download and configure the GSKit product.