trusted_certificates_file option

Specifies the file that contains the list of trusted Certificate Authority certificates when the database server acts as a client to an LDAP server.

Allowed values

String

Default

Empty string

Scope

                              PUBLIC role                         For current user   For other users
Allowed to set permanently?   Yes, with SET ANY SECURITY OPTION   No                 No
Allowed to set temporarily?   Yes, with SET ANY SECURITY OPTION   No                 No

Remarks

This option does not apply when the database server is a client for a secure web procedure.

An incoming TLS connection to the database server uses the certificate settings specified by the -ec server option. For the database server to act as a client to another server (for example, when the database server connects to an LDAP server), the Certificate Authority (CA) that signed the TLS certificate must be known.

For client connections, the trusted_certificates connection option is set with the path to a file containing a list of trusted CA certificates. Similarly, the trusted_certificates_file database option specifies trusted CA certificates when the database server acts as a client.

Setting this option to * or leaving it empty causes the software to use a certificate from the operating system certificate store if the LDAP URL begins with ldaps:// or if the LDAP server has been configured to use the TLS protocol.

When this option is set to NULL, no outbound TLS connections can be started because there are no trusted Certificate Authorities.

Example

In this example, the list of trusted certificate authorities that sign server certificates is found in a local file called trusted.crt:

SET OPTION PUBLIC.trusted_certificates_file = 'C:\\certificates\\shared\\trusted.crt';

In the following two examples, the list of trusted certificate authorities that sign server certificates is found in the operating system certificate store:

SET OPTION PUBLIC.trusted_certificates_file = '*';
SET OPTION PUBLIC.trusted_certificates_file = '';