DB2 10.5 for Linux, UNIX, and Windows

SecurityTransportMode IBM data server driver configuration keyword

Sets the communication security type.

Equivalent CLI keyword
Security
Equivalent IBM® data server provider for .NET connection string keyword
Security
IBM data server driver configuration file (db2dsdriver.cfg) syntax
<parameter name="SecurityTransportMode" value="SSL"/>
Default setting:
There is no default setting.
Usage notes:
The SecurityTransportMode keyword specifies whether TCP/IP with the SSL protocol is used to connect to the database server. The default value is an empty string.

When the SecurityTransportMode keyword is set to SSL, you can specify the keystore database with the SSLClientKeystoredb keyword. The keystore database that is specified with the SSLClientKeystoredb keyword can be accessed using either the password that is set with the SSLClientKeystoreDBPassword keyword or the stash file that is set with the SSLClientKeystash keyword.

If you have not set the SSLClientKeystoredb keyword with the SSLClientKeystoreDBPassword or SSLClientKeystash keyword, the CLI driver or the IBM Data Server Provider for .NET internally generates a unique default keystore database name and a corresponding keystore database password when the application allocates the first environment handle. The unique default keystore database name is based on the process ID of the application and has the format client_<PID>.kdb. The keystore database itself is not created when the first environment handle is allocated; only the unique default keystore database name is generated at that point.

If you are using the CLI driver and the SecurityTransportMode keyword is set to SSL, the default keystore database is created for each application process ID in the cfg subpath when the following functions are called:
  • SQLDriverConnect()
  • SQLConnect()
  • SQLBrowseConnect()

If you are using the IBM Data Server Provider for .NET and the SecurityTransportMode keyword is set to SSL, the default keystore database is created for each application process ID in the cfg subpath when the database connection is attempted.

For the IBM Data Server Client, IBM Data Server Runtime Client, and IBM database server products, the default keystore database is located in the <instance_path>/cfg/ directory.

For the IBM Data Server Driver Package and IBM Data Server Driver for ODBC and CLI products, the default keystore database is located in the <install_path>/cfg/ directory.

The default keystore database is removed once the application process ID no longer exists on the system. If an abnormal termination of the application process occurs, you must delete the default keystore database to prevent unnecessary disk usage.
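The cleanup after an abnormal termination can be scripted. The following is an added example, not IBM code: it lists (and optionally deletes) client_<PID>.kdb files in a cfg directory whose process ID no longer exists. It assumes a POSIX system, the function names are hypothetical, and the caller supplies the cfg directory path.

```python
import os
import re
from pathlib import Path

# Default keystore name format described on this page: client_<PID>.kdb
KEYSTORE_RE = re.compile(r"^client_(\d+)\.kdb$")


def pid_alive(pid: int) -> bool:
    """POSIX-only check: signal 0 tests for existence without signalling."""
    if os.name != "posix":
        raise NotImplementedError("os.kill(pid, 0) is only safe on POSIX")
    if pid <= 0:
        return False              # 0 and negatives address process groups
    try:
        os.kill(pid, 0)
    except (ProcessLookupError, OverflowError):
        return False              # no such process, or not a valid PID
    except PermissionError:
        return True               # process exists but belongs to another user
    return True


def find_stale_keystores(cfg_dir, is_alive=pid_alive):
    """Return default keystore files in cfg_dir whose owning PID is gone.

    If the PID has been reused by an unrelated process, the file is treated
    as live and kept, so the check errs on the side of not deleting.
    """
    stale = []
    for entry in sorted(Path(cfg_dir).iterdir()):
        m = KEYSTORE_RE.match(entry.name)
        # Only regular files with the exact default name; never follow symlinks.
        if not m or entry.is_symlink() or not entry.is_file():
            continue
        if not is_alive(int(m.group(1))):
            stale.append(entry)
    return stale


def remove_stale_keystores(cfg_dir, is_alive=pid_alive):
    """Delete the stale default keystores and return the paths removed."""
    removed = []
    for path in find_stale_keystores(cfg_dir, is_alive):
        path.unlink()
        removed.append(path)
    return removed
```

Run find_stale_keystores first and review the list before calling remove_stale_keystores; keystores that you configured explicitly with SSLClientKeystoredb do not match the client_<PID>.kdb pattern and are never touched.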

In DB2® Version 10.5 Fix Pack 5 and later fix packs, you do not have to obtain the IBM Global Security Kit (GSKit) product separately to establish SSL connections to a DB2 database server. However, for certificate-based authentication, you must still download and configure the GSKit product.