TLS/SSL client authentication
- Last Updated: December 4, 2023
If the server is configured for TLS/SSL client authentication, the server asks the client to verify its identity after the server identity has been proven. Similar to server authentication, the client sends a public certificate to the server to accept or deny. The client stores its public certificate in an encrypted file known as a keystore. Public certificates are paired with a private key in the keystore. To send the public certificate, the driver must access the private key.
Like the truststore, most keystores are password-protected. The driver must be able to locate the keystore and unlock the keystore with the appropriate password. Two connection options are available to the driver to provide this information: Keystore (KeyStore) and Keystore Password (KeyStorePassword). The value of KeyStore is a pathname that specifies the location of the keystore file. The value of Keystore Password is the password required to access the keystore.
The private keys stored in a keystore can be individually password-protected. In many cases, the same password is used for access to both the keystore and to the individual keys in the keystore. It is possible, however, that the individual keys are protected by passwords different from the keystore password. The driver needs to know the password for an individual key to be able to retrieve it from the keystore. An additional connection option, Key Password (KeyPassword), allows you to specify a password for an individual key.
The following examples show how to configure the driver to use data encryption via TLS/SSL client authentication. In this configuration, because ValidateServerCertificate=1, the driver validates the certificate sent by the server and the host name specified by HostNameInCertificate.
Connection string:
DRIVER=DataDirect 8.0 Autonomous REST Connector;EncryptionMethod=1;
RESTConfigFile=/users/jsmith/path/to/myrest.rest;
HostNameInCertificate=MySubjectAltName;Keystore=KeyStoreName;
KeystorePassword=YourKSPassword;ValidateServerCertificate=1

odbc.ini:
Driver=ODBCHOME/lib/ivautorestxx.so
Description=DataDirect Autonomous REST Connector
...
EncryptionMethod=1
...
HostName=YourServer
HostNameInCertificate=MySubjectAltName
...
Truststore=TrustStoreName
TruststorePassword=TSXYZZY
...
RESTConfigFile=/users/jsmith/path/to/myrest.rest
...
ValidateServerCertificate=1
...
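A configuration check for the options described above, as an added example that is not part of the original documentation or the driver: it parses a connection string or an odbc.ini entry and reports which client-authentication options are missing or set to a value other than the one the page uses. The option names and sample values come from this page; the rule set and the cleartext-password finding are assumptions of this example.

```python
# Added example: option names are from this page; the rules are this example's own.
import re

REQUIRED = {  # option (lowercased) -> what the page's client-auth setup uses it for
    "encryptionmethod": "the page's examples set this to 1",
    "validateservercertificate": "must be 1 for the driver to validate the server certificate",
    "hostnameincertificate": "host name checked against the server certificate",
    "keystore": "pathname of the keystore holding the client certificate and key",
    "keystorepassword": "password that unlocks the keystore",
}
MUST_BE_ONE = ("encryptionmethod", "validateservercertificate")
SECRETS = ("keystorepassword", "keypassword", "truststorepassword")

def parse_options(text):
    """Parse a connection string or an odbc.ini entry into {lowercased name: value}."""
    opts = {}
    for item in re.split(r"[;\r\n]+", text):
        name, sep, value = item.partition("=")
        if sep and name.strip():
            opts[name.strip().lower()] = value.strip()
    return opts

def audit_client_auth(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    opts = parse_options(text)
    findings = []
    for name, why in REQUIRED.items():
        if not opts.get(name):
            findings.append(f"missing {name}: {why}")
        elif name in MUST_BE_ONE and opts[name] != "1":
            findings.append(f"{name}={opts[name]}: {why}")
    for name in SECRETS:
        if opts.get(name):
            findings.append(f"cleartext {name}: restrict read access to this configuration")
    return sorted(findings)

# Samples copied from the page's two examples; the odbc.ini "..." lines are left out.
CONN_STR = ("DRIVER=DataDirect 8.0 Autonomous REST Connector;EncryptionMethod=1;"
            "RESTConfigFile=/users/jsmith/path/to/myrest.rest;HostNameInCertificate=MySubjectAltName;"
            "Keystore=KeyStoreName;KeystorePassword=YourKSPassword;ValidateServerCertificate=1")
ODBC_INI = """Driver=ODBCHOME/lib/ivautorestxx.so
EncryptionMethod=1
HostName=YourServer
HostNameInCertificate=MySubjectAltName
Truststore=TrustStoreName
TruststorePassword=TSXYZZY
ValidateServerCertificate=1"""

if __name__ == "__main__":
    print(audit_client_auth(CONN_STR), audit_client_auth(ODBC_INI), sep="\n")
```

On the visible lines of the odbc.ini sample the check reports Keystore and KeystorePassword as missing; add KeyPassword to the required set when individual keys use a password different from the keystore password.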