IBM DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server Communications

Front Cover
IBM Redbooks, Aug 23, 2024 - Computers - 78 pages

This IBM® Redpaper publication provides information about how to set up and configure IBM Db2® for z/OS® with Transport Layer Security (TLS), which is the modern version of Secure Sockets Layer (SSL). This configuration is accomplished by using the IBM z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS) services.

This paper also describes the steps for configuring TLS/SSL support for the IBM Data Server Driver Package (DS Driver) for IBM Data Server Provider for .NET, Open Database Connectivity (ODBC), and Call Level Interface clients to access a Db2 for z/OS server. In addition, this paper provides information about configuring that same support for the Java Database Connectivity (JDBC) and Structured Query Language for Java (SQLJ for Type 4 connectivity) clients.

The information that is provided is applicable to Db2 12 for z/OS and Db2 11 for z/OS.

Although we use z/OS V2R4 as the referenced release in this paper, the instructions, except for a TLSv1.3 configuration, are valid for releases as early as z/OS V2R1.
Throughout the paper, we reference z/OS Security Server or IBM Resource Access Control Facility (IBM RACF®) in various contexts. It should be understood that anywhere we mention RACF, it implies any System Authorization Facility (SAF)-compliant external security manager.

The intended audience for this paper includes network administrators, security administrators, and database administrators who want to set up and configure TLS/SSL support for Db2 for z/OS.

This paper presents more information about the more general contents of Security Functions of IBM DB2 10 for z/OS, SG24-7959.

 

Selected pages

Contents

Common terms and phrases

ACC(CONTROL ACCESS(READ AT-TLS policy AT-TLS policy rules certificate name filter certificates and key CLASS(FACILITY client access client certificate ClientAuthType configuration file configuration parameter create Db2 client Db2 Connect server Db2 for z/OS Db2 server default define digital certificates DRDA Driver for JDBC environment variable Example following command HandshakeRole IBM Db2 IBM DS Driver IBM GSKit ID(CERTMGR ID(DB2AUSER installed IRR.DIGTCERT.LIST Java application JDBC JDBC and SQLJ JSSE Kerberos key ring keystore keytool Linux messages ODBC option PAGENT started task pasearch password personal certificate port number private key RACDCERT command RACF commands RACF UID RACLIST RDATALIB REFRESH remote client secure connection secure port Secure Sockets Layer self-signed certificate SERVAUTH SETROPTS specify SQLJ stash file SYSLOGD System SSL TCP/IP stack TLS/SSL client authentication TLS/SSL handshake TLS/SSL support Transport Layer Security trusted context truststore TTLS TTLSEnvironmentAction TTLSRule UACC(NONE UNIX V2R4 Communications Server verify z/OS server z/OS subsystems z/OS UID z/OS V2R4 Communications

Bibliographic information

TitleIBM DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server Communications
AuthorsChris Meyer, Derek Tempongko, IBM Redbooks
PublisherIBM Redbooks, 2024
ISBN0738460281, 9780738460284
Length78 pages
Subjects ›  › 

Computers / Operating Systems / Mainframe & Midrange
  
Export CitationBiBTeX EndNote RefMan