|
|
|
In V11.5 and later, the FairCom DB ADO.NET provider supports TLS/SSL connections per Microsoft specifications.
The ADO.NET provider requires ctsrvr.pem to be added to the trusted root certificate store on the client machine for the .NET framework's certificate authentication to succeed:
CertMgr.exe /add ctsrvr.pem /c /s /r localMachine root
Note that the Common Name specified in the server certificate is the name that the application must specify in the ADO.NET connection string for the TLS option.
For this certificate, we used support.faircom.com as the Common Name, and so the ADO.NET connection string must specify sslcert=support.faircom.com for the TLS authentication to succeed.
Connection String
The ADO.NET connection string is similar to the JDBC string. The connection string accepts a new property:
ssl=<value>
which can have two values:
In the case of peerAuthentication the server certificate Common Name must be provided by the new property:
sslcert=<value>
If this property is not specified, the value of the Server setting is used to match the certificate.
Examples:
"UID=ADMIN;PWD=ADMIN;Database=CtreeSQL;Server=localhost;Service=6597;ssl=basic";
"UID=ADMIN;PWD=ADMIN;Database=CtreeSQL;Server=localhost;Service=6597;ssl=peerAuthentication;sslcert=support.faircom.com";
In V11.2.3 and later, a connectionidletimeout connection-string option is available to indicate how long the connection may stay idle in the pool before getting closed and removed from the pool. This option is separate from the existing connection timeout option, which has a different meaning in ADO connection pool.
