SSL Connection Over JDBC for Oracle


Create Certificate

The steps demonstrated here are performed on a Windows machine running DB2 version 11.5.

Before proceeding, ensure that the GSKit library is added to the PATH variable.

  1. Create a key database and configure your digital certificates.

    gsk8capicmd_64 -keydb -create -db "mydbserver.kdb" -pw "changeit"  -stash
    
  2. Add the certificate for the server to the key database.

    gsk8capicmd_64 -cert -create -db "mydbserver.kdb" -pw "changeit" -label "myselfsigned" -dn "CN=myhost.mycompany.com,O=myOrganization,OU=myOrganizationUnit,L=myLocation,ST=ON,C=CA"
    
  3. Extract the certificate to a file.

    gsk8capicmd_64 -cert -extract -db "mydbserver.kdb" -pw "changeit" -label "myselfsigned" -target "mydbserver.arm" -format ascii -fips
    
  4. Set up SSL support.

    db2 update dbm cfg using SSL_SVR_KEYDB  "C:\Program Files\IBM\gsk8\bin\mydbserver.kdb"
    db2 update dbm cfg using SSL_SVR_STASH "C:\Program Files\IBM\gsk8\bin\mydbserver.sth"
    db2 update dbm cfg using SSL_SVR_LABEL myselfsigned
    db2 update dbm cfg using SSL_SVCENAME 50443
    db2 update dbm cfg using SSL_VERSIONS TLSv12
    
  5. Add the value SSL to the DB2COMM registry variable.

    db2set -i db2inst DB2COMM=SSL,TCPIP
    

    Note

    Replace db2inst with the name of your DB2 instance.

  6. Restart DB2 instance.

    db2stop
    db2start
    
  7. Verify SSL parameter.

    db2 GET DATABASE MANAGER CONFIGURATION
    

Upload Certificate

The CA certificate can be uploaded using either the REST interface or the CipherTrust Manager GUI.

CipherTrust Manager's UI

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

  3. In the left pane, click Database Certificates and enter the following details.

    | Field | Description |
    |-------|-------------|
    | Name | Unique name for certificate. |
    | Certificate | Content of the cert.txt file in .PEM format. |

  4. Click Upload.

The SSL setup is complete. You can now create a database connection over SSL.

CipherTrust Manager's REST interface

  1. Open the CipherTrust Manager URL in a browser. The login page is displayed.

  2. On the login page, click the API & CLI Documentation link. The API playground is displayed on the right.

  3. Click Authenticate.

  4. Enter username, password, domain, and click POST. The default domain is root.

  5. In the left pane, click CDP > Database.

  6. Click Upload - post. The Upload - post section is displayed on the right.

  7. In the body field, paste the CA certificate in the .pem format as shown below.

    {
        "name":"myCertCh",
        "cert":"-----BEGIN CERTIFICATE-----\nMIIBkDCB+gIBADANBgkqhkiG9w0BAQQFADARMQ8wDQYDVQQDEwZzZXJ2ZXIwHhcNMTkwNzMwMDQy\nODUyWhcNMjAwNzI5MDQyODUyWjARMQ8wDQYDVQQDEwZzZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQAD\ngY0AMIGJAoGBAMPJ9L0IanR5XxajKiLjEns2geFzYjCdOpIcqiHTH78D7N1nIm/XMWTbo7Bebi0V\nrirWM1LUakhHxUSV9L+nb1IMaAuk01/pmJaSbU8EPzcmujWoA66gKg2K0phExoT1RQ+QE+6pLBPl\nftSB8VLNiPcXx4GMQcUq9Kiw4CMmozvBAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAjxmFBnkkxp1K\n2gkDsfvz5Uq7bGvXwdO8M/j5Ryz812f4pzyCXbb8p4rkf9l27WJAJ6Ero9U07K7Rd8NqBJmReobq\nDcPQnp2y4dzsPI7/oMHfk69DkGIa4PHhEYcXWz37L33CBrxnASpqM6yc/thjARt73Ejs80foBkAf\nOG6//Cs=\n-----END CERTIFICATE-----"
    }
    
  8. Click POST.
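
Escaping the line breaks of a PEM file by hand for the body in step 7 is error-prone, especially when the file has Windows line endings. The Python sketch below is an added example, not part of the CipherTrust Manager documentation: it builds the body with the "name" and "cert" fields shown above, refuses input that is not exactly one certificate (so a private key is never pasted by mistake), and returns a SHA-256 fingerprint to compare against the server certificate. The function name and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import json
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def build_upload_body(name: str, pem_text: str) -> tuple[str, str]:
    """Return (json_body, sha256_fingerprint) for one PEM certificate.

    Raises ValueError if the input is not exactly one CERTIFICATE block,
    so key material or a truncated paste never reaches the request body.
    """
    text = pem_text.replace("\r\n", "\n").strip()  # Windows files use CRLF
    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("input contains a private key; upload the certificate only")
    if len(blocks) != 1 or blocks[0][0] != "CERTIFICATE":
        raise ValueError("expected exactly one CERTIFICATE block")
    try:
        der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    # Re-wrap at 64 columns so the submitted PEM has a consistent layout.
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                     "-----END CERTIFICATE-----"])
    # json.dumps writes each newline as the two characters \n, as in step 7.
    body = json.dumps({"name": name, "cert": pem}, indent=4)
    return body, hashlib.sha256(der).hexdigest()


# Constructed placeholder bytes (a minimal DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(SAMPLE_DER).decode("ascii")
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    body, fingerprint = build_upload_body("myCertCh", SAMPLE_PEM)
    print(body)
    print("SHA-256:", fingerprint)
```
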

Select SSL

Add an SSL connection on the CipherTrust Manager.