DB2 Version 9.7 for Linux, UNIX, and Windows

IBM Data Server Driver for JDBC and SQLJ support for certificate authentication

The IBM® Data Server Driver for JDBC and SQLJ supports client certificate authentication for connections to DB2® for z/OS® Version 10 or later data servers.

Client certificate authentication security on a DB2 for z/OS data server supports the use of digital certificates for mutual authentication of requesters and servers. By using z/OS digital certificates, the Secure Sockets Layer (SSL) protocol supports both server and client authentication during the handshake phase. The data server validates the client's certificate at the server, which prevents a client from obtaining a secure connection without an installation-approved certificate. The authentication of the remote client's digital certificate is performed by Application Transparent Transport Layer Security (AT-TLS), which is provided with the z/OS Communications Server TCP/IP stack, not by DB2 itself.

The IBM Data Server Driver for JDBC and SQLJ supports certificate authentication for IBM Data Server Driver for JDBC and SQLJ type 4 connectivity only.

You enable IBM Data Server Driver for JDBC and SQLJ certificate authentication by specifying DB2BaseDataSource.TLS_CLIENT_CERTIFICATE_SECURITY as the value of the securityMechanism Connection or DataSource property. If the target data server supports client certificate authentication, and the mutual authentication succeeds, the driver passes a valid Connection object to the application. If the data server does not support client certificate authentication, or the connection was not authenticated using AT-TLS and SSL, the driver throws a DisconnectException (a subclass of SQLException) instead of returning a Connection.

You can use certificate authentication with or without a user ID or a password. If the application does not provide a user ID or password, authentication is performed at the network layer only. If a user ID or password is provided, authentication is performed at the network layer and the data server layer.

The following example demonstrates how to enable certificate authentication and user ID and password security in a JDBC application.

import java.sql.Connection;

com.ibm.db2.jcc.DB2SimpleDataSource dataSource =
  new com.ibm.db2.jcc.DB2SimpleDataSource();
// Specify certificate authentication
dataSource.setSecurityMechanism(
  com.ibm.db2.jcc.DB2BaseDataSource.TLS_CLIENT_CERTIFICATE_SECURITY);
// Set a user ID and password to be passed to the data server
// (DB2SimpleDataSource inherits setUser and setPassword from
// DB2BaseDataSource, so no cast is needed)
dataSource.setUser("sysadm");
dataSource.setPassword("password");
// Identify the SSL truststore, keystore and their passwords.
// The keystore must contain the client certificate and its private key;
// the truststore must contain the CA that signed the server certificate.
System.setProperty("javax.net.ssl.trustStore", "c:/temp/SSL/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("javax.net.ssl.keyStore", "c:/temp/SSL/myKS");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
// … (driverType 4, serverName, portNumber and databaseName are also set here)
// Create a connection
Connection con = dataSource.getConnection();
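The following is an added, more complete example (not part of the original IBM documentation) that exercises both modes described above: a certificate-only connection authenticated at the network layer, and a connection that adds a user ID and password checked by the data server. It also shows the DisconnectException failure path and a preflight check that the keystore actually holds a private-key entry, because a keystore that contains only a certificate causes the JSSE client to send an empty certificate list and AT-TLS rejects the handshake. The host name db2z.example.com, port 446, location name DB2A and the DB2_* environment variable names are assumptions chosen for illustration; DB2SimpleDataSource, DB2BaseDataSource.TLS_CLIENT_CERTIFICATE_SECURITY and the setter methods are the driver's real API.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Enumeration;

import com.ibm.db2.jcc.DB2BaseDataSource;
import com.ibm.db2.jcc.DB2SimpleDataSource;

public class CertAuthConnect {

    // Preflight: return true only if the keystore contains at least one
    // private-key entry. Without a client private key the TLS client cannot
    // answer the server's CertificateRequest, and AT-TLS drops the handshake.
    static boolean hasClientKey(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            if (ks.isKeyEntry(e.nextElement())) {
                return true;
            }
        }
        return false;
    }

    // Build a type 4 data source that requests certificate authentication.
    static DB2SimpleDataSource certAuthDataSource(String host, int port, String db) {
        DB2SimpleDataSource ds = new DB2SimpleDataSource();
        ds.setDriverType(4);   // certificate authentication is supported for type 4 only
        ds.setServerName(host);
        ds.setPortNumber(port);
        ds.setDatabaseName(db);
        ds.setSecurityMechanism(DB2BaseDataSource.TLS_CLIENT_CERTIFICATE_SECURITY);
        return ds;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: keystore and truststore locations and passwords come from
        // the deployment environment rather than being hard-coded in source.
        String keyStore = System.getenv("DB2_CLIENT_KEYSTORE");
        String keyStorePw = System.getenv("DB2_CLIENT_KEYSTORE_PASSWORD");
        String trustStore = System.getenv("DB2_TRUSTSTORE");
        String trustStorePw = System.getenv("DB2_TRUSTSTORE_PASSWORD");

        if (!hasClientKey(keyStore, keyStorePw.toCharArray())) {
            throw new IllegalStateException(keyStore + " contains no private-key entry");
        }

        // The driver uses the JSSE default socket factory, which reads these
        // JVM-wide properties. Set them before the first getConnection().
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePw);
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePw);

        DB2SimpleDataSource ds = certAuthDataSource("db2z.example.com", 446, "DB2A");

        // Mode 1: no user ID or password; authentication happens at the network
        // layer only, and the server derives the identity from the certificate.
        try (Connection con = ds.getConnection()) {
            System.out.println("certificate-only connection as "
                + con.getMetaData().getUserName());
        } catch (SQLException e) {
            // DisconnectException lands here: the server does not support client
            // certificate authentication, or the session was not authenticated
            // by AT-TLS/SSL. There is no fallback to another security mechanism.
            System.err.println("certificate authentication rejected: "
                + e.getClass().getName() + " SQLSTATE=" + e.getSQLState()
                + " " + e.getMessage());
            return;
        }

        // Mode 2: certificate at the network layer plus a user ID and password
        // verified by the data server. Passing credentials to getConnection()
        // avoids storing them on the shared DataSource.
        try (Connection con = ds.getConnection(System.getenv("DB2_USER"),
                                               System.getenv("DB2_PASSWORD"))) {
            System.out.println("certificate plus user ID connection as "
                + con.getMetaData().getUserName());
        }
    }
}
```

Note that javax.net.ssl.keyStorePassword set through System.setProperty is readable by any code running in the same JVM, so on a shared application server prefer the container's SSL configuration over process-wide properties. The preflight only confirms that a private key is present; whether the certificate it belongs to is installation-approved is decided by AT-TLS on the z/OS side, and a rejection there still surfaces as the DisconnectException shown in mode 1.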