HostNameInCertificate
- Last Updated: August 5, 2024
- 1 minute read
- DataDirect Connectors
- JDBC
- IBM Db2 5.1
- MySQL 5.1
- Progress OpenEdge 5.1
- SAP Sybase 5.1
- Documentation
Purpose
Specifies a host name for certificate validation when SSL encryption is enabled
(EncryptionMethod=SSL) and validation is enabled
(ValidateServerCertificate=true). This property is optional and provides
additional security against man-in-the-middle (MITM) attacks by ensuring that the server the
driver is connecting to is the server that was requested.
Valid Values
host_name | #SERVERNAME#
where:
- host_name
- is a valid host name.
Behavior
If host_name is specified, the driver compares the specified host name to the DNSName value of the SubjectAlternativeName in the certificate. If the certificate does not have a SubjectAlternativeName, the driver compares the host name with the Common Name (CN) part of the certificate. If the values do not match, the connection fails and the driver throws an exception.
If #SERVERNAME# is specified, the driver
compares the server name that is specified in the connection URL or data source of the
connection to the DNSName value of the SubjectAlternativeName in the certificate. If the
certificate does not have a SubjectAlternativeName, the driver compares the host name to the
CN part of the certificate’s Subject name. If the values do not match, the connection fails
and the driver throws an exception. If multiple CN parts are present, the driver validates
the host name against each CN part. If any one validation succeeds, a connection is
established.
Notes
- If SSL encryption or certificate validation is not enabled, this property is ignored.
- If SSL encryption and validation is enabled and this property is unspecified, the driver uses the server name specified in the connection URL or data source of the connection to validate the certificate.
Default
empty string
Data Type
String