IBM DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server Communications

An IBM Redpaper publication

Published 23 February 2022, updated 25 February 2022

ISBN-10: 0738460281
ISBN-13: 9780738460284
IBM Form #: REDP-4799-02
(78 pages)

Authors: Chris Meyer, Derek Tempongko

Abstract

This IBM® Redpaper publication provides information about how to set up and configure IBM Db2® for z/OS® with Transport Layer Security (TLS), which is the modern version of Secure Sockets Layer (SSL). This configuration is accomplished by using the IBM z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS) services.

This paper also describes the steps for configuring TLS/SSL support for the IBM Data Server Driver Package (DS Driver) for IBM Data Server Provider for .NET, Open Database Connectivity (ODBC), and Call Level Interface clients to access a Db2 for z/OS server. In addition, this paper provides information about configuring that same support for the Java Database Connectivity (JDBC) and Structured Query Language for Java (SQLJ for Type 4 connectivity) clients.

The information that is provided is applicable to Db2 12 for z/OS and Db2 11 for z/OS.

Although we use z/OS V2R4 as the referenced release in this paper, the instructions, except for a TLSv1.3 configuration, are valid for releases as early as z/OS V2R1.

Throughout the paper, we reference z/OS Security Server or IBM Resource Access Control Facility (IBM RACF®) in various contexts. Any mention of RACF applies equally to any System Authorization Facility (SAF)-compliant external security manager.

The intended audience for this paper includes network administrators, security administrators, and database administrators who want to set up and configure TLS/SSL support for Db2 for z/OS.

This paper expands on the more general material in Security Functions of IBM DB2 10 for z/OS, SG24-7959.

Table of contents

Overview of AT-TLS
Configuring Db2 for z/OS as a server with TLS/SSL support
Configuring Db2 for z/OS as a requester with TLS/SSL support
Configuring Java applications by using IBM DS Driver for JDBC and SQLJ to use TLS/SSL
Configuring the IBM DS Driver non-Java interfaces: Command-line interface, ODBC, and .NET
Configuring remote client applications to use TLS/SSL through a Db2 Connect server for Linux, UNIX, and Windows
Client access to Db2 by using TLS/SSL client authentication
Using the Microsoft truststore
Using the Windows keystore
