DB2 10.5 for Linux, UNIX, and Windows

Configuring connections under the IBM Data Server Driver for JDBC and SQLJ to use SSL

To configure database connections under the IBM® Data Server Driver for JDBC and SQLJ to use SSL, you need to set the DB2BaseDataSource.sslConnection property to true.

Before you begin

Before a connection to a data source can use SSL, the port to which the application connects must be configured in the database server as the SSL listener port.

Procedure

  1. Set DB2BaseDataSource.sslConnection on a Connection or DataSource instance. Alternatively, you can set the db2.jcc.override.sslConnection or db2.jcc.sslConnection configuration parameter on the driver instance.
  2. Optional: Set the location of the truststore and the truststore password. You can set the truststore location without the password, but it is best to set both values.
    1. Set DB2BaseDataSource.sslTrustStoreLocation on a Connection or DataSource instance to identify the location of the truststore. Alternatively, you can set the db2.jcc.override.sslTrustStoreLocation or db2.jcc.sslTrustStoreLocation configuration parameter on the driver instance. Setting the sslTrustStoreLocation property is an alternative to setting the Java™ javax.net.ssl.trustStore property. If you set DB2BaseDataSource.sslTrustStoreLocation, javax.net.ssl.trustStore is not used.
    2. Optional: Set DB2BaseDataSource.sslTrustStorePassword on a Connection or DataSource instance to identify the truststore password. Alternatively, you can set the db2.jcc.override.sslTrustStorePassword or db2.jcc.sslTrustStorePassword configuration parameter on the driver instance. Setting the sslTrustStorePassword property is an alternative to setting the Java javax.net.ssl.trustStorePassword property. If you set DB2BaseDataSource.sslTrustStorePassword, javax.net.ssl.trustStorePassword is not used.
  3. Optional: Set DB2BaseDataSource.sslCertLocation on a Connection or DataSource to specify the location of a trusted certificate file. Alternatively, you can set the db2.jcc.override.sslCertLocation or db2.jcc.sslCertLocation configuration parameter on the driver instance.

    If the sslConnection property is set to true, and both the sslCertLocation and sslTrustStoreLocation properties are configured, the IBM Data Server Driver for JDBC and SQLJ gives precedence to the sslCertLocation property and ignores the sslTrustStoreLocation configuration. Therefore, only the certificate that is supplied through sslCertLocation is considered trusted for an SSL connection with a DB2 server.

Example

The following example demonstrates how to set the sslConnection property on a Connection instance:
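// Placeholder URL: the port must be the SSL listener port that is configured on the database server.
String url = "jdbc:db2://<host>:<ssl-port>/<database>";
java.util.Properties properties = new java.util.Properties();
properties.put("user", "xxxx");
properties.put("password", "yyyy");
// Request an SSL connection for this Connection instance.
properties.put("sslConnection", "true");
java.sql.Connection con =
  java.sql.DriverManager.getConnection(url, properties);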
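
The following is an added example, not part of the IBM documentation: it sets the truststore or certificate properties from the procedure as Connection properties, refuses a configuration where both sslCertLocation and sslTrustStoreLocation are given (the driver would otherwise ignore the truststore), and checks that the truststore loads and contains a trusted certificate before connecting. The class name, the environment variable names and the host, port and database in the URL are assumptions made for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Collections;
import java.util.Properties;

public class Db2SslProperties {  // hypothetical helper class, not part of the driver

    /** Builds Connection properties for SSL; exactly one trust source must be given. */
    static Properties build(String user, String password, String trustStore,
                            String trustStorePassword, String certFile) throws Exception {
        if ((trustStore == null) == (certFile == null)) {
            // With both set the driver uses only sslCertLocation; reject the ambiguity up front.
            throw new IllegalArgumentException("set exactly one of trustStore or certFile");
        }
        Properties p = new Properties();
        p.put("user", user);
        p.put("password", password);
        p.put("sslConnection", "true");
        if (certFile != null) {
            if (!Files.isReadable(Paths.get(certFile)))
                throw new IllegalArgumentException("certificate file not readable: " + certFile);
            p.put("sslCertLocation", certFile);
            return p;
        }
        // Load the truststore here so a wrong path, wrong password or empty store fails early.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        char[] pw = trustStorePassword == null ? null : trustStorePassword.toCharArray();
        try (InputStream in = Files.newInputStream(Paths.get(trustStore))) {
            ks.load(in, pw);  // a null password skips the store integrity check
        }
        boolean trusted = false;
        for (String alias : Collections.list(ks.aliases())) trusted |= ks.isCertificateEntry(alias);
        if (!trusted) throw new IllegalStateException("truststore has no trusted certificate entry");
        p.put("sslTrustStoreLocation", trustStore);
        if (trustStorePassword != null) p.put("sslTrustStorePassword", trustStorePassword);
        return p;
    }

    public static void main(String[] args) throws Exception {
        // Constructed values: the port must be the server's SSL listener port.
        String url = "jdbc:db2://db.example.com:50001/SAMPLE";
        Properties p = build(System.getenv("DB2_USER"), System.getenv("DB2_PASSWORD"),
                System.getenv("DB2_TRUSTSTORE"), System.getenv("DB2_TRUSTSTORE_PASSWORD"), null);
        try (Connection con = DriverManager.getConnection(url, p)) {
            System.out.println("SSL connection open: " + !con.isClosed());
        }
    }
}
```

Reading the passwords from the environment keeps them out of source code; the driver JAR must be on the classpath for DriverManager to resolve the jdbc:db2 URL.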