To configure database connections under the IBM® Data Server Driver for JDBC and SQLJ to
use SSL, you need to set the DB2BaseDataSource.sslConnection property
to true.
Before you begin
Before a connection to a data source can use SSL, the port
to which the application connects must be configured in the database
server as the SSL listener port.
Procedure
- Set DB2BaseDataSource.sslConnection on
a Connection or DataSource instance. Alternatively, you
can set the db2.jcc.override.sslConnection or db2.jcc.sslConnection
configuration parameter on the driver instance.
- Optional: Set the location of the truststore
and the truststore password. You can set the truststore location without
the password, but it is best to set both values.
  - Set DB2BaseDataSource.sslTrustStoreLocation on a Connection or DataSource instance
    to identify the location of the truststore. Alternatively, you
    can set the db2.jcc.override.sslTrustStoreLocation or db2.jcc.sslTrustStoreLocation
    configuration parameter on the driver instance. Setting
    the sslTrustStoreLocation property is an alternative to setting the Java™ javax.net.ssl.trustStore property.
    If you set DB2BaseDataSource.sslTrustStoreLocation, javax.net.ssl.trustStore is
    not used.
  - Optional: Set DB2BaseDataSource.sslTrustStorePassword on a Connection or DataSource instance
    to identify the truststore password. Alternatively, you
    can set the db2.jcc.override.sslTrustStorePassword or db2.jcc.sslTrustStorePassword
    configuration parameter on the driver instance. Setting
    the sslTrustStorePassword property is an alternative to setting the Java javax.net.ssl.trustStorePassword property.
    If you set DB2BaseDataSource.sslTrustStorePassword, javax.net.ssl.trustStorePassword is
    not used.
- Optional: Set DB2BaseDataSource.sslCertLocation on
a Connection or DataSource to
specify the location of a trusted certificate file. Alternatively,
you can set the db2.jcc.override.sslCertLocation or db2.jcc.sslCertLocation
configuration parameter on the driver instance.
If the sslConnection property is set to true and both the sslCertLocation
and sslTrustStoreLocation properties are configured, IBM Data Server Driver
for JDBC and SQLJ gives precedence to the sslCertLocation property and
ignores the sslTrustStoreLocation configuration. Therefore, only the
certificate that is supplied through sslCertLocation is considered trusted
for an SSL connection with a DB2 server.
Example
The following example demonstrates how to set the sslConnection
property on a
Connection instance:
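// url is the JDBC URL of the data source; its port must be the SSL listener port.
// Placeholder value: replace <host>, <ssl-port> and <database>.
String url = "jdbc:db2://<host>:<ssl-port>/<database>";
java.util.Properties properties = new java.util.Properties();
properties.put("user", "xxxx");
properties.put("password", "yyyy");
// Enable SSL for this connection.
properties.put("sslConnection", "true");
java.sql.Connection con =
    java.sql.DriverManager.getConnection(url, properties);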
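The optional truststore and certificate steps of the procedure, as an added example that is not part of the original documentation: it sets either sslCertLocation or the truststore pair (never both, because of the precedence rule above) and opens the truststore before connecting so that a wrong path or password fails early. The class name, the environment variable names and the command-line arguments are assumptions, and Java 11 or later is assumed.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

public class Db2SslProps {  // hypothetical class name
    // Builds driver properties for an SSL connection; pass certFile = null to use the truststore.
    static Properties build(String user, String password, Path trustStore,
                            char[] trustStorePassword, Path certFile) throws Exception {
        Properties p = new Properties();
        p.put("user", user);
        p.put("password", password);
        p.put("sslConnection", "true");
        if (certFile != null) {
            // sslCertLocation takes precedence over sslTrustStoreLocation,
            // so the truststore properties are deliberately left unset here.
            if (!Files.isReadable(certFile))
                throw new IllegalArgumentException("certificate file not readable: " + certFile);
            p.put("sslCertLocation", certFile.toString());
            return p;
        }
        // Fail fast: loading verifies the path, the format and the password.
        KeyStore ks = KeyStore.getInstance(trustStore.toFile(), trustStorePassword);
        if (ks.size() == 0)
            throw new IllegalStateException("truststore has no entries: " + trustStore);
        p.put("sslTrustStoreLocation", trustStore.toString());
        p.put("sslTrustStorePassword", new String(trustStorePassword));
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = JDBC URL that points at the SSL listener port,
        // args[1] = truststore path; credentials come from assumed environment variables.
        Properties p = build(System.getenv("DB2_USER"), System.getenv("DB2_PASSWORD"),
                Path.of(args[1]), System.getenv("DB2_TRUSTSTORE_PASSWORD").toCharArray(), null);
        try (Connection con = DriverManager.getConnection(args[0], p)) {
            System.out.println("connected with sslConnection=true: " + !con.isClosed());
        }
    }
}
```

Reading the truststore password from the environment keeps it out of source code; the IBM driver JAR must be on the classpath for the connection itself.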