Attribute

Truststore (TS)

Purpose

Specifies either the absolute path of the truststore file or the contents of the TLS/SSL certificates to be used when SSL is enabled (Encryption Method=1) and server authentication is used. The truststore file contains a list of the valid Certificate Authorities (CAs) that are trusted by the client machine for SSL server authentication. If you do not specify a directory, the current directory is used.

Valid Values

path | data://-----BEGIN CERTIFICATE-----certificate_content-----END CERTIFICATE-----

where:

path
is the absolute path of the truststore file. For example: C:\truststore\ca-bundle.cert.
certificate_content
is the content of the TLS/SSL certificate.

Notes

  • If you do not specify the path to the directory that contains the truststore file, the current directory is used for authentication.
  • When specifying content for multiple certificates, secify the content of each certificate between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. For example:
    -----BEGIN CERTIFICATE-----certificatecontent1-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----certificatecontent2-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----certificatecontent3-----END CERTIFICATE-----
    Note that the number of dashes (-----) must be the same before and after both BEGIN CERTIFICATE and END CERTIFICATE.
  • When specifying the certificate content for authentication, do not specify the truststore password. Since the truststore file is not required to be stored on the disk when the certificate content is specified directly, the driver need not unlock its contents.
  • The Trust Store field on the Driver setup dialog supports content up to 8192 characters in length. For specifying certificate content longer than 8192 characters, edit the registry and manually add the entry to the DSN.
  • On Windows platforms, if the required certificates are available in the Windows certificate store, the Trust Store and Truststore Password options need not be used.
  • Warning: If you are distributing the driver with your application, you must prevent your end users from setting the value for the Truststore option. The Truststore option provides a method for you to specify a truststore library file used for TLS/SSL encryption. However, if exposed, the option can be used to specify files that execute malicious or undesirable code. Refer to Security best practices for ODBC applications in the Progress DataDirect for ODBC Drivers Reference for more information.
  • The value specified for this option should be an absolute path to a mounted drive.

Default

No default value

GUI Tab

Security tab