DB2 10.5 for Linux, UNIX, and Windows

SSLClientKeystash CLI/ODBC configuration keyword

Specifies the Secure Sockets Layer (SSL) stash file that is used for an SSL connection with or without the CERTIFICATE authentication.

db2cli.ini keyword syntax:
SSLClientKeystash = <fully qualified stash file path>
Default setting:
None.
Usage notes:
The SSLClientKeystash keyword can be set in the [Data Source] section of the db2cli.ini file for a data source, or in a connection string.

This parameter specifies the fully qualified path of the stash file (.sth), which stores an encrypted password to the key database file. The stash file is used to access the key database file during the SSL handshake. This parameter must be defined if the SSL protocol (security=SSL) is specified.

The SSLCLientKeystash keyword is mutually exclusive with the SSLClientKeystoreDBPassword keyword. If the SSL protocol (security=SSL) is specified with the SSLClientKeystoredb keyword, you must specify either the SSLClientKeystash or SSLClientKeystoreDBPassword keyword in the connection string, the CLI configuration file (db2cli.ini), or in the IBM® data server driver configuration file (db2dsdriver.cfg). Otherwise, the connection fail error is returned.

The ssl_client_keystash keyword is also supported to provide compatibility with earlier version.

Related tasks:
Configuring Secure Sockets Layer (SSL) support in non-Java DB2 clients
Related reference:
SSLClientKeystash IBM data server driver configuration keyword