DB2 Version 9.7 for Linux, UNIX, and Windows

SSLClientKeystoredb CLI/ODBC configuration keyword

Specifies the SSL key database file that is used for certificate authentication.

db2cli.ini keyword syntax:
SSLClientKeystoredb = <fully qualified key file path>
Default setting:
None.
Usage notes:
In Version 9.7 Fix Pack 6 and later fix packs, the ssl_client_keystoredb keyword is replaced with the SSLClientKeystoredb keyword. The ssl_client_keystoredb keyword is still supported for compatibility with earlier releases.

The SSLClientKeystoredb keyword specifies the fully qualified path of the key database file (.kdb). The key database file stores the signer certificate from the server personal certificate. For a self-signed server personal certificate, the signer certificate is the public key of the personal certificate. For a certificate authority (CA) signed server personal certificate, the signer certificate is the root CA certificate of the CA that signed the personal certificate.

The SSLClientKeystoredb keyword can be set in the [Data Source] section of the db2cli.ini file, or in a connection string.

If the SSL protocol is used, where the security keyword is set to SSL (security=SSL), the SSLClientKeystoredb keyword parameter must be defined. The signer certificate from the server's personal certificate must also exist on the client for authentication to take place.

Parent topic: CLI/ODBC configuration keywords listing by category
Related tasks:
Configuring Secure Sockets Layer (SSL) support in non-Java DB2 clients
Related reference:
SSLClientKeystoredb IBM Data Server Driver configuration keyword