I believe that responding to a possible server request for a client certificate is the only purpose for the certificate label parameter *in a client configuration.*
For a server, the label is a possible alternative to the usual convention of having the server present the default certificate on the ring. It could instead present the certificate indicated by a label parameter. I don't know that most servers support such an option. I am most familiar with the FTP server, and I believe that it does not. Charles On Tue, 15 Aug 2023 16:42:17 -0400, Phil Smith III <[email protected]> wrote: >Peter Sylvester wrote: > >>it would be helpful, if you describe your scenario in more details: > > > >I'll short-circuit this: the STC is a client but is not using a client cert. >It's just doing a GET via HTTPS. > > > >My confusion was that: > >a. The doc doesn't really make it clear that a label is only meaningful >for a client cert. So in our reading, it was a way to force a specific cert in >the database to be selected-either for control (admittedly odd) or perhaps for >performance, as a quick way to get right to the right one. In my case, I was >using it as a debugging aid, to know which cert was the good one for the >connection. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
