Use SSLCAPATH parameter to specify the path to a directory containing OpenSSL compatible hashed filenames, either containing or pointing to files containing PEM encoded trusted certificates. To create compatible hashed file names, refer to the OpenSSL documentation. Creation of the hashed filenames requires the use of either the openssl x509 -hash command or the OpenSSL c_rehash utility. Some operating systems do not install either OpenSSL or the c_rehash utility by default. Hence, extra operating system configuration is required for that, and that process is outside the scope of this document. For the specific operating system platform, refer to the OpenSSL documentation.
This parameter can be set using the following methods:
- clispb.dat
- Environment variable
- Connection string
clispb.dat
Add the following line to clispb.dat:
sslcapath=<path to directory>Environment Variable
Before executing the client application, set the SSLCAPATH environment variable to the operating system specific path to the directory containing the hashed filename trusted certificates.
Non-Windows:
$ export SSLCAPATH=<path to directory>Windows:
C:\> set SSLCAPATH=<path to directory>Connection String
To specify the operating system specific path to the directory containing the hashed filename trusted certificates, use the following connection string parameter:
dbcarea.connect_ptr = “sslmode=verify-full;sslcapath=<path to directory>”