Specifies the file that contains the list of trusted Certificate Authority certificates when the database server acts as a client to an LDAP server.
| | PUBLIC role | For current user | For other users |
|---|---|---|---|
| Allowed to set permanently? | Yes, with SET ANY SECURITY OPTION | No | No |
| Allowed to set temporarily? | Yes, with SET ANY SECURITY OPTION | No | No |
This option does not apply when the database server is a client for a secure web procedure.
An incoming TLS connection to the database server uses the certificate settings specified by the -ec server option. For the database server to act as a client to another server (for example, when the database server connects to an LDAP server), the Certificate Authority (CA) that signed the other server's TLS certificate must be known.
For client connections, the trusted_certificates connection option is set with the path to a file containing a list of trusted CA certificates. Similarly, the trusted_certificates_file database option specifies trusted CA certificates when the database server acts as a client.
Setting this option to * or leaving it empty causes the software to use a certificate from the operating system certificate store if the LDAP URL begins with ldaps:// or if the LDAP server has been configured to use the TLS protocol.
When this option is set to NULL, no outbound TLS connections can be started because there are no trusted Certificate Authorities.
In this example, the list of trusted certificate authorities that sign server certificates is found in a local file called trusted.crt:
SET OPTION PUBLIC.trusted_certificates_file = 'C:\\certificates\\shared\\trusted.crt';
In the following two examples, the list of trusted certificate authorities that sign server certificates is found in the operating system certificate store:
SET OPTION PUBLIC.trusted_certificates_file = '*';
SET OPTION PUBLIC.trusted_certificates_file = '';