Determines whether the driver and/or Schema Tool validates the certificate that is sent by the database server when SSL encryption is enabled. When using SSL server authentication, any certificate sent by the server must be issued by a trusted Certificate Authority (CA). Allowing the driver and/or Schema Tool to trust any certificate returned from the server even if the issuer is not a trusted CA is useful in test environments because it eliminates the need to specify truststore information on each client in the test environment.
Truststore information is specified using the Trust Store and Trust Store Password options.
For Windows platforms, the values specified for security-related options when creating a data source determine the behavior of both the driver and the Schema Tool.
To fully enable SSL on UNIX and Linux platforms, you must specify values for security-related options separately for the driver and the Schema Tool. For the driver, these values are specified in the data source or connection string used to configure the driver. For the Schema Tool, these values are specified when creating a schema definition with the Table Wizard. See "Using Security with the Schema Tool" for details.
In addition, the driver and Schema Tool use a different set of valid values when configuring the ValidateServerCertificate option. The valid values and behavior for both components are listed in the following sections.
Valid Values
For the driver:
0 | 1
For the Schema Tool:
true | false
Behavior
If set to 1 (Enabled) or true, the driver or Schema Tool validates the certificate that is sent by the database server. Any certificate from the server must be issued by a trusted CA in the truststore file. If the Host Name In Certificate option is specified, the driver and/or Schema Tool also validates the certificate using a host name. The Host Name In Certificate option provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver and/or Schema Tool is connecting to is the server that was requested.
If set to 0 (Disabled) or false, the driver or Schema Tool does not validate the certificate that is sent by the database server. The driver and/or Schema Tool ignores any truststore information specified by the Trust Store and Trust Store Password options.
For Windows platforms, the values specified for security-related options when creating a data source determine the behavior of both the driver and the Schema Tool.
To fully enable SSL on UNIX and Linux platforms, you must specify values for security-related options separately for the driver and the Schema Tool. For the driver, these values are specified in the data source or connection string used to configure the driver. For the Schema Tool, these values are specified when creating a schema definition with the Table Wizard. See "Using Security with the Schema Tool" for details.
