This string configures the driver to use the TLS/SSL client authentication method. In this configuration, since ValidateServerCertificate=1, the driver validates the certificate sent by the server and the host name specified by HostNameInCertificate.

Note: The strings demonstrated in this section use the DSN-less format. For additional formats, see "Using a connection string". 
DRIVER=DataDirect 8.0 MySQL Wire Protocol;EncryptionMethod=1;Database=database_name;
HostName=host_name;HostNameInCertificate=hostnameincertificate;
PortNumber=port_number;Keystore=keystore_name;KeystorePassword=keystore_password;
ValidateServerCertificate=validate_server_certificate;EnableFIPS=enable_fips;

where:

database_name

specifies the name of the database to which you are attempting to connect.

host_name

specifies the name or the IP address of the server to which you want to connect.

hostnameincertificate

specifies a host name for certificate validation when TLS/SSL encryption is enabled (EncryptionMethod=1) and validation is enabled (ValidateServerCertificate=1).

port_number

specifies the port number of the server listener. Check with your Database Administrator for the correct number.

keystore_name

specifies the name of the directory containing the keystore file to be used when TLS/SSL is enabled (EncryptionMethod=1) and TLS/SSL client authentication is enabled on the database server.

keystore_password

specifies the password used to access the keystore file when TLS/SSL is enabled (EncryptionMethod=1) and TLS/SSL client authentication is enabled on the database server.

validate_server_certificate

determines whether the driver validates the certificate that is sent by the database server. When it is set to 1, the driver validates the certificates. When it is set to 0, the driver does not validate the certificates.

enable_fips

determines whether the driver loads the FIPS provider or the default provider. When Enable FIPS is set to 1, the driver loads the FIPS provider and when it is set to 0, the driver loads the default provider. The FIPS provider contains a set of approved cryptographic algorithms that conform to the Federal Information Processing Standards (FIPS) specified in FIPS 140-2.

Note:
  • The FIPS provider is supported only on the following platforms: Windows 64-bit, Linux 64-bit, and AIX 64-bit.
  • Do not set the Keystore Password connection option when using the FIPS provider. The keystore password uses the PKCS12KDF algorithm, which is not an approved FIPS algorithm. Hence, it must not be specified when using the FIPS provider.
  • For using the FIPS and default providers, the certificates must be generated using the OpenSSL 3.5-compliant cryptographic algorithms. See "Generating TLS/SSL certificates using OpenSSL 3.5-compliant algorithms" for more information.

The following example connection string includes the options for connecting with the TLS/SSL client authentication.

DRIVER=DataDirect 8.0 MySQL Wire Protocol;EncryptionMethod=1;Database=db1;
HostName=MyServer;HostNameInCertificate=MySubjectAltName;
PortNumber=3306;Keystore=KeyStoreName;KeystorePassword=YourKSPassword;
ValidateServerCertificate=1