Neoview ODBC Drivers Manual (R2.5)
IMPORTANT: You must have write permission for the certificate directory. If you do not, the
download fails and an error is returned.
NOTE: The most common way to identify the home directory is the HOME environment
variable. If that variable is not set on the workstation, the security framework uses the
HOMEDRIVE and HOMEPATH environment variables. If those variables are not set either, an
error is reported.
Specifying the Certificate File Location
The Neoview security infrastructure requires that a certificate be installed on each workstation
that connects to a Neoview platform. A system security policy, under the control of your Security
Manager, determines how the certificate is deployed to workstations:
• If your Neoview system is configured to permit automatic download, the ODBC driver
automatically downloads a certificate to the workstation when it first connects to a Neoview
platform. Because the same workstation can connect to multiple Neoview platforms, the
driver downloads a unique certificate for every Neoview platform to which the workstation
connects.
• In configurations that do not permit automatic download, the certificate is deployed to your
workstation in accordance with your own corporate security procedures.
In either case, three ODBC connection attributes specify the location of the certificate file:
• SQL_ATTR_CERTIFICATE_DIR specifies the directory where the certificate resides. If you
do not specify this attribute, the home directory applies by default.
• SQL_ATTR_CERTIFICATE_FILE specifies the file where a new certificate is deployed. This
is the location to which a new certificate must be deployed if automatic download is
prohibited. By default, the filename is SYSTEM_NAME.cer, where SYSTEM_NAME consists
of the first five characters of the Neoview platform name.
• SQL_ATTR_CERTIFICATE_FILE_ACTIVE specifies the filename of the certificate used for
connection. This is the location to which a certificate is automatically downloaded if automatic
download is permitted by the security policy. By default, the filename is
SYSTEM_NAMEActive.cer, where SYSTEM_NAME consists of the first five characters of
the Neoview platform name.
The maximum length of each of these attributes is 128 characters.
You can specify the certificate location in the connection string, using the CERTIFICATEDIR,
CERTIFICATEFILE, and CERTIFICATEFILE_ACTIVE attributes:
"DSN=QRK0101;UID=REGEAST\USER1;PWD=pass1234;ROLENAME=ROLE.MGR;
CERTIFICATEDIR=C:\Security\MyCertificateDir;CERTIFICATEFILE=SEC01.cer;CERTIFICATEFILE_ACTIVE=SEC01Active.cer"
You can also specify the directory as the value of the NeoviewCertificateDir entry in the MXODSN
or odbc.ini file:
ODBC] << --- ODBC section
TraceFlags = DEBUG
TraceStart = 0
TraceFile = TRLOG
NeoviewCertificateDir = /h/bwell/certdir
[ODBC Data Sources]
TDM_Default_DataSource = Neoview Data Source
[TDM_Default_DataSource] << --- DataSource section
Description = TDM_Default_DataSource
NeoviewCertificateDir = /h/bwell/custom/certdir <<-- overrides the one specified ion the ODBC section
Catalog = NEO
Schema = ODBC_SCHEMA
DataLang = 0
FetchBufferSize = SYSTEM_DEFAULT
Server = TCP:neo0101.parnet.com:18650
SQL_ATTR_CONNECTION_TIMEOUT = NO_TIMEOUT
SQL_LOGIN_TIMEOUT = SYSTEM_DEFAULT
Passwords and Server Certificates 37