TLS Client Configuration
Configuring TLS on clients depends on the type of client. GCC/GCA-based clients are installed as part of an Ingres server/Ingres client installation and use common configuration settings in the client installation (including config.dat). The GCD(DAMP)-based clients (jdbc, dotNet) install as standalone and do not use the config.dat or other configurations which are used by the Ingres server/client installations. The clients can enable usage of TLS per connection.
The config.dat configuration items are required for GCC/GCA-based clients to use the TLS driver to connect to TLS enabled server (GCC/GCD). These are per-installation configurations, meaning all the clients from this installation will use these settings.
ii.<hostname>.gcf.enforce_ssl_server_certificate_validation : ON/OFF
ON: The default setting. The certificate provided by the server is checked for validity based on the certificates available in the client certificate store. An error reports (and connection will be aborted) for invalid certificates, such as, if the server hostname does not match with the one in certificate or validity of the certificate is expired.
OFF: No server certificate validation is done. The connection will be encrypted but MITM attacks are possible. Client certificate store will not be used in this case (no certificate will be loaded and what ever value present is not validated)
Last modified date: 01/27/2026