Specifies the fully qualified name of a self-signed server
certificate or a certificate authority (CA) certificate.
- db2cli.ini keyword syntax:
- SSLServerCertificate = "<fully_qualified_certificate_name>"
- Default setting:
- None.
- Usage notes:
- The certificate that is specified for the SSLServerCertificate keyword
is stored in the default keystore database unless you specified a
keystore database using the SSLClientKeystoredb keyword
with the SSLClientKeystoreDBPassword or SSLClientKeyStash keyword.
The
certificate can be either self-signed certificate from a server or
signed by a trusted certificate authority.
The
SSLServerCertificate keyword
can be set when all the following conditions are met:
- The SSL value is specified for the Security CLI keyword
or the SecurityTransportMode IBM® data server driver configuration keyword.
- The DB2® server
is using a self-signed certificate or a CA certificate, which is not
present in the existing keystore database.
- The DB2 client
product that is installed is the DB2 Version
10.5 Fix Pack 5 or
later fix pack releases.
- <fully_qualified_certificate_name>
- A fully qualified path of the certificate file and the certificate
file name. Only one fully qualified certificate name can be specified.
The fully qualified certificate name must be unique and it cannot
already exist in the keystore database. You cannot specify any wildcard
characters or symbols that are specific to an operating system in
the SSLServerCertificate keyword value.
The CLI driver
uses the unique certificate label to add the certificate that is specified
with the SSLServerCertificate keyword to the
keystore database. The unique certificate label consists of full path
and the certificate file name.
If you set the SSLServerCertificate keyword
in the [COMMON] section of the db2cli.ini file,
all CLI connections
are attempted using that one certificate.
The SSLServerCertificate keyword
is not required if the certificate that is required to establish an
SSL connection is already stored in the keystore database.