
IBM DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server Communications

An IBM Redpaper publication


Published on 23 February 2022, updated 23 August 2024

  1. .EPUB (0.5 MB)
  2. .PDF (5.3 MB)


ISBN-10: 0738460281
ISBN-13: 9780738460284
IBM Form #: REDP-4799-02


Authors: Chris Meyer and Derek Tempongko


    Abstract

    This IBM® Redpaper publication provides information about how to set up and configure IBM Db2® for z/OS® with Transport Layer Security (TLS), which is the modern version of Secure Sockets Layer (SSL). This configuration is accomplished by using the IBM z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS) services.

    This paper also describes the steps for configuring TLS/SSL support for the IBM Data Server Driver Package (DS Driver) for IBM Data Server Provider for .NET, Open Database Connectivity (ODBC), and Call Level Interface clients to access a Db2 for z/OS server. In addition, this paper provides information about configuring that same support for the Java Database Connectivity (JDBC) and Structured Query Language for Java (SQLJ for Type 4 connectivity) clients.

    The information that is provided is applicable to Db2 12 for z/OS and Db2 11 for z/OS.

    Although we use z/OS V2R4 as the referenced release in this paper, the instructions, except for a TLSv1.3 configuration, are valid for releases as early as z/OS V2R1.

    Throughout the paper, we reference z/OS Security Server or IBM Resource Access Control Facility (IBM RACF®) in various contexts. It should be understood that anywhere we mention RACF, it implies any System Authorization Facility (SAF)-compliant external security manager.

    The intended audience for this paper includes network administrators, security administrators, and database administrators who want to set up and configure TLS/SSL support for Db2 for z/OS.

    This paper provides more detail on topics that are covered more generally in Security Functions of IBM DB2 10 for z/OS, SG24-7959.

    Table of Contents

    Overview of AT-TLS

    Configuring Db2 for z/OS as a server with TLS/SSL support

    Configuring Db2 for z/OS as a requester with TLS/SSL support

    Configuring Java applications by using IBM DS Driver for JDBC and SQLJ to use TLS/SSL

    Configuring the IBM DS Driver non-Java interfaces: Command-line interface, ODBC, and .NET

    Configuring remote client applications to use TLS/SSL through a Db2 Connect server for Linux, UNIX, and Windows

    Client access to Db2 by using TLS/SSL client authentication

    Using the Microsoft truststore

    Using the Windows keystore

     
