DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server Communications

An IBM Redpaper publication

Published 19 October 2014, updated 19 March 2015

cover image

IBM Form #: REDP-4799-01
(62 pages)

More options

Rate and comment

Authors: Chris Meyer, Paolo Bruni


This IBM® Redpaper™ publication provides information about how to set up and configure IBM DB2® for z/OS® with Transport Layer Security (TLS), the modern version of Secure Sockets Layer (SSL). This configuration is accomplished using the IBM z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS) services.

This paper also describes the steps for configuring TLS/SSL support for the IBM Data Server Driver Package (DS Driver) for IBM Data Server Provider for .NET, Open Database Connectivity (ODBC), and call level interface (CLI) clients to access a DB2 for z/OS server. In addition, this paper provides information about configuring that same support for the Java Database Connectivity (JDBC) and Structured Query Language for Java (SQLJ for Type 4 connectivity) clients.

The information provided is applicable to DB2 11 for z/OS and DB2 10 for z/OS.

Although we use z/OS V2R1 as the reference release in this paper, the instructions are valid on releases as early as z/OS V1R11.
Throughout the paper, we reference z/OS Security Server, or IBM Resource Access Control Facility (IBM RACF®) in a variety of contexts. It should be understood that anywhere we mention RACF, it implies any System Authorization Facility (SAF) external security manager.

The intended audience for this paper includes network administrators, security administrators, and database administrators who want to set up and configure TLS/SSL support for DB2 for z/OS.

Follow IBM Redbooks

Follow IBM Redbooks