Security CLI/ODBC and IBM data server driver configuration keyword
Specifies whether the Secure Socket Layer (SSL) protocol is used for a connection to the database server.
- db2cli.ini keyword syntax:
- Security = SSL
- IBM® data server driver configuration file (db2dsdriver.cfg) syntax:
- <parameter name="Security" value="SSL"/>
- Default setting:
- None.
- Usage notes:
- The Security keyword specifies whether the TCP/IP with SSL protocols are used in connection to the database server. The security keyword can be used only with the following communication protocols:The Security keyword can be set in the
- TCPIP
- TCPIP4
- TCPIP6
[Data Source]section of thedb2cli.inifile, or in a connection string.When the Security keyword is set to SSL, you can specify the keystore database with the SSLClientKeystoredb keyword. The keystore database that is specified with the SSLClientKeystoredb keyword can be access using either the password that is set with the SSLClientKeystoreDBPassword keyword or the stash file that is set with the SSLClientKeystash keyword.
If the SSLClientKeystoredb keyword is not set, the driver generates an in-memory keystore when the application calls one of the following functions:- SQLDriverConnect()
- SQLConnect()
- SQLBrowseConnect()
The in-memory keystore is populated with the following certificates. Applications connecting to a database server using a certificate signed by the DigiCert Global Root CA on ward only need to set SecurityTransportMode = SSL and do not need to set SSLServerCertificate, SSLClientKeystoredb, SSLClientKeystash, or SSLClientKeystoredbpassword.
Db2 11.5.6 and earlier- DigiCert Global Root CA
Db2 11.5.7 and Db2 11.5.8- Lets Encrypt Authority R3
- ISRG Root CA X1
- DigiCert Global Root CA
Db2 11.5.7 CSB and 11.5.8 CSB with KI DT223175, Db2 11.5.9- Lets Encrypt Authority R3
- ISRG Root CA X1
- DigiCert SHA2 Secure Server CA
- DigiCert Global Root CA
The DigiCert Global Root CA is used for TLS connections to DashDB, SQLDB, and Db2 Warehouse on Cloud from version 11.0 and later.