Trust Store
- Last Updated: August 3, 2023
- DataDirect Connectors
- ODBC
- PostgreSQL 8.0
- Documentation
Attribute
Truststore (TS)
Purpose
Specifies either the path and file name of the truststore file or the
contents of the TLS/SSL certificates to be used when SSL is enabled (Encryption
Method=1) and server authentication is used.
Valid Values
truststore_directory\filename | data://-----BEGIN CERTIFICATE-----certificate_content-----END CERTIFICATE-----
where:
- truststore_directory is the path to the directory where the truststore file is located.
- filename is the file name of the truststore file.
- certificate_content is the content of the TLS/SSL certificate.
Notes
- Warning: If you are distributing the driver with your application, you must prevent your end users from setting the value for the Truststore option. The Truststore option provides a method for you to specify a truststore library file used for TLS/SSL encryption. However, if exposed, the option can be used to specify files that execute malicious or undesirable code. Refer to Security best practices for ODBC applications in the Progress DataDirect for ODBC Drivers Reference for more information.
- The value specified for this option should be an absolute path to a mounted drive.
- If you do not specify the path to the directory that contains the truststore file, the current directory is used for authentication.
- The keystore and truststore files may be the same file.
- When specifying content for multiple certificates, specify the content of each certificate between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. For example:
  -----BEGIN CERTIFICATE-----certificatecontent1-----END CERTIFICATE----- -----BEGIN CERTIFICATE-----certificatecontent2-----END CERTIFICATE----- -----BEGIN CERTIFICATE-----certificatecontent3-----END CERTIFICATE-----
  Note that the number of dashes (-----) must be the same before and after both BEGIN CERTIFICATE and END CERTIFICATE.
- When specifying the certificate content for authentication, do not specify the truststore password. Since the truststore file is not required to be stored on the disk when the certificate content is specified directly, the driver need not unlock its contents.
- The Trust Store field on the Driver setup dialog supports content up to 8192 characters in length. For specifying certificate content longer than 8192 characters, edit the registry and manually add the entry to the DSN.
- On Windows platforms, if the required certificates are available in the Windows certificate store, the Trust Store and Truststore Password options need not be used.
- On Windows platforms, the driver validates the server certificate against the root certificates available in both truststore and Windows certificate store. If a matching certificate is found in either of the stores, the connection is established.
Default
No default value
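
A check that applies the rules from the Notes above to a Truststore (TS) value before it is written into a DSN or connection string. This is an added example, not Progress DataDirect code: the function name `check_truststore_value`, its `password_set` flag and the sample values are constructed for illustration, and it assumes the 8192-character limit is measured on the whole value.

```python
import ntpath
import posixpath
import re

DIALOG_LIMIT = 8192  # Trust Store field limit on the Driver setup dialog (from the page)
PEM_BLOCK = re.compile(r"(-+)BEGIN CERTIFICATE(-+)([^-]*)(-+)END CERTIFICATE(-+)")


def check_truststore_value(value, password_set=False):
    """Return a list of findings for a Truststore (TS) value; empty means clean."""
    findings = []
    if not value.startswith("data://"):
        # File form: the page asks for an absolute path, because a bare file
        # name is resolved against the current directory.
        if not (ntpath.isabs(value) or posixpath.isabs(value)):
            findings.append("relative path: resolved against the current directory")
        return findings

    body = value[len("data://"):]
    blocks = list(PEM_BLOCK.finditer(body))
    if not blocks:
        findings.append("no BEGIN/END CERTIFICATE block found")
    for n, m in enumerate(blocks, 1):
        # The four dash runs around BEGIN and END must all have the same length.
        dashes = {len(m.group(g)) for g in (1, 2, 4, 5)}
        if len(dashes) != 1:
            findings.append(f"certificate {n}: unequal dash counts")
        if not m.group(3).strip():
            findings.append(f"certificate {n}: empty content")
    # Anything that is not inside a block (other than whitespace) is suspect.
    if PEM_BLOCK.sub("", body).strip():
        findings.append("unexpected text outside certificate blocks")
    if password_set:
        findings.append("truststore password set with inline certificate content")
    if len(value) > DIALOG_LIMIT:  # assumption: limit applies to the whole value
        findings.append("longer than 8192 characters: too long for the setup dialog field")
    return findings


# Constructed sample values (placeholders, not real certificates).
GOOD = ("data://-----BEGIN CERTIFICATE-----AAAA-----END CERTIFICATE----- "
        "-----BEGIN CERTIFICATE-----BBBB-----END CERTIFICATE-----")
BAD = "data://-----BEGIN CERTIFICATE-----AAAA-----END CERTIFICATE----------"

if __name__ == "__main__":
    for sample in (GOOD, BAD, "ca.pem", r"C:\certs\truststore.pem"):
        print(sample[:40], "->", check_truststore_value(sample) or "ok")
```

Running the check in the build or provisioning step keeps the value under the application's control, which is where the warning above says it must stay.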