SSL connectivity in Data Virtualization
Last updated: Nov 26, 2024

The Data Virtualization instance uses a certificate for SSL connections that is issued by a third-party digital certificate authority (CA).

SSL connectivity

The CA certificate is part of the Db2® driver package. If your application connects with a driver from the Db2 driver package, you do not need to download the certificate separately. You can download the Db2 driver package from the web console.

However, if your application has its own driver, you might need to download the certificate separately. You can download the certificate from the web console.

Secure Sockets Layer (SSL) is a security protocol that provides communication privacy. SSL enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. SSL-enabled client applications use standard encryption techniques to help ensure secure communication.

Configuring your Db2 client

The IBM® Global Security Kit (GSKit) ships with Db2 release 9.5 and later. However, if the GSKit needs to be downloaded and configured, see Configuring GSKit.

  1. Run the following commands to create a new directory, then download the SSL certificate from the web console into that directory.
    db2inst1@macing1:/home/db2inst1> mkdir SSL
    db2inst1@macing1:/home/db2inst1> cd SSL
    db2inst1@macing1:/home/db2inst1/SSL>
  2. Create a keystore in the SSL directory. The following example command pertains to Linux®.
    gsk8capicmd_64 -keydb -create -db "mykeystore.kdb" -pw "passw0rd" -stash
    Note: You must have permission to write to the directory or you get an error.
  3. Add the SSL certificate to the keystore. The following example command pertains to Linux.
    gsk8capicmd_64 -cert -add -db "mykeystore.kdb" -pw "passw0rd" -label ACIBLUDB_SSL -file /home/db2inst1/SSL/DigiCertGlobalRootCA.crt
  4. Update the Db2 database manager configuration. The following example commands pertain to Linux.
    db2 update dbm cfg using SSL_CLNT_KEYDB /home/db2inst1/SSL/mykeystore.kdb
    db2 update dbm cfg using SSL_CLNT_STASH /home/db2inst1/SSL/mykeystore.sth
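
The stash file (.sth) stores the keystore password in recoverable form so that Db2 can open the keystore unattended, so both files set in step 4 should be accessible only to the instance owner. The following shell functions are an added example, not part of the IBM documentation; the function names are hypothetical, and the directory and keystore name in the usage line are the page's sample values.

```shell
#!/bin/sh
# Added example (not IBM code): audit the client keystore files from steps 2-4.
# Function names are hypothetical; the sample paths come from the page.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_bits() {
    ls -ld "$1" 2>/dev/null | cut -c2-10
}

# Return 0 only if FILE is a regular, non-symlink file with no group/other access.
audit_keystore_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "SYMLINK  $f: not a regular file"; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "MISSING  $f"; return 1
    fi
    bits=$(perm_bits "$f")
    case "$bits" in
        ???------) echo "OK       $f ($bits)"; return 0 ;;
        *)         echo "EXPOSED  $f ($bits): chmod 600 \"$f\""; return 1 ;;
    esac
}

# Audit DIR/NAME.kdb and DIR/NAME.sth, plus the directory itself: a directory
# writable by group or others lets another user swap in a different keystore.
audit_keystore() {
    dir=$1; name=$2; rc=0
    case "$(perm_bits "$dir")" in
        ????w????|???????w?)
            echo "EXPOSED  $dir: writable by group or others"; rc=1 ;;
    esac
    for ext in kdb sth; do
        audit_keystore_file "$dir/$name.$ext" || rc=1
    done
    return "$rc"
}

# Usage: sh audit_keystore.sh /home/db2inst1/SSL mykeystore
if [ "$#" -eq 2 ]; then
    audit_keystore "$1" "$2"
fi
```

A non-zero exit status means at least one file is missing, is a symbolic link, or is accessible beyond its owner.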

Connecting to your database

The hostname, port, username, and password of the <BLUDB_database_server> can be found in the Service credentials for the service in the IBM Cloud console.

  1. Catalog the node and database. The following example commands pertain to Linux.
    db2 catalog tcpip node ACICLD_S remote <hostname_of_BLUDB_database_server> server <port_of_BLUDB_database_server> security SSL
    db2 catalog db BLUDB as ACIBLU_S at node ACICLD_S
  2. Connect to your database with an SSL connection. The following example commands pertain to Linux.
    db2 terminate
    db2 connect to ACIBLU_S user <user_name> using <password>

For more information, see Configuring Secure Sockets Layer (SSL) support in non-Java™ Db2 clients.

Configuring GSKit

  1. Download the IBM Global Security Kit (GSKit) by selecting the GSKit appropriate for your operating system (OS).
  2. Download the SSL certificate from the Connection Information section of the Data Virtualization web console. Store the SSL certificate file in a directory that can be referenced in a subsequent command.
  3. Install the GSKit. See the following links for instructions.

    For more information, see IBM Global Security Kit global installation instructions overview.

  4. Set the following environment variable paths:

    Operating system   Variable          Path
    AIX                LIBPATH           /usr/opt/ibm/gsk8/lib
    Linux              LD_LIBRARY_PATH   /usr/local/ibm/gsk8/lib
    UNIX               LD_LIBRARY_PATH   /opt/ibm/gsk8/lib
    Windows            PATH              <installation_directory>\gsk8\bin\
                                         <installation_directory>\gsk8\lib (lib64 for GSKit 64-bit)