Establishing a client connection using transport-layer security

To set up client applications to use transport-layer security, use the Encryption [ENC] connection parameter in your connection string. The connection string takes the following form (which must be written all on one line):

Encryption=tls(
 [ fips={ y | n }; ]
   trusted_certificates=public-certificate
 [ certificate_company=organization; ]
 [ certificate_name=common-name; ]
 [ certificate_unit=organization-unit ] )

public-certificate is the path and file name of a file that contains one or more trusted certificates. If you are using FIPS-certified RSA encryption, you must generate your certificates using RSA.
organization forces the client to accept server certificates only when the Organization field on the certificate matches this value.
common-name forces the client to accept server certificates only when the Common Name field on the certificate matches this value.
organization-unit forces the client to accept server certificates only when the Organization Unit field on the certificate matches this value.

Example

The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt.

"UID=DBA;PWD=sql;Host=myhost;Server=myserver;
ENC=tls(trusted_certificates=public_cert.crt)"

The following example uses the trusted_certificates encryption connection parameter to specify the certificate, public_cert.crt, and verifies certificate fields using the certificate_unit and certificate_name encryption connection parameters.

"UID=DBA;PWD=sql;Host=myhost;Server=myserver;
ENC=tls(trusted_certificates=public_cert.crt;
certificate_unit=test_unit;certificate_name=my_certificate)"

Discuss this page in DocCommentXchange.

Establishing a client connection using transport-layer security

See also

Example