Configuring the IBM Data Server Driver for JDBC and SQLJ to use RACF key rings for SSL certificates

For an IBM Data Server Driver for JDBC and SQLJ connection that uses SSL, you can use RACF key rings to store server certificates for SSL connections.

Before you begin

Configure connections under the IBM Data Server Driver for JDBC and SQLJ to use SSL.

Procedure

  1. Set the sslTrustStoreType property to "JCERACFKS" using the setSslTrustStoreType method:
    ((com.ibm.db2.jcc.DB2BaseDataSource)ds).setSslTrustStoreType("JCERACFKS");
  2. Set the sslTrustStoreLocation property using the setSslTrustStoreLocation method:
    ((com.ibm.db2.jcc.DB2BaseDataSource)ds).setSslTrustStoreLocation("safkeyring://racf-id/ring-id");
  3. Set the crypto provider package on the JVM:
    -Djava.protocol.handler.pkgs=com.ibm.crypto.provider

Examples

The following examples assume that you have specified the JVM system property java.protocol.handler.pkgs as a JVM argument:

    -Djava.protocol.handler.pkgs=com.ibm.crypto.provider

  • Configuring the driver to use RACF key rings for SSL certificates using the DataSource interface:
    com.ibm.db2.jcc.DB2SimpleDataSource ds = new com.ibm.db2.jcc.DB2SimpleDataSource();
    ds.setDriverType(4);
    ds.setDatabaseName("DBNAME");
    ds.setServerName("host");
    ds.setPortNumber(448);
    ds.setUser("dbuser");
    ds.setPassword("dbpassword");
    ds.setSslConnection(true);                                   // enable SSL
    ds.setSslTrustStoreType("JCERACFKS");                        // use JCERACFKS type of truststore
    ds.setSslTrustStoreLocation("safkeyring://racf-id/ring-id"); // URL to the RACF key ring store
    ds.setSslTrustStorePassword("password");                     // Password to the RACF key ring store:
                                                                 // Must be "password"
    java.sql.Connection con = ds.getConnection();
  • Configuring the driver to use RACF key rings for SSL certificates using the DriverManager interface:
    String connectionUrl = "jdbc:db2://host:448/DBNAME:" +
                           "sslConnection=true;" +
                           "sslTrustStoreType=JCERACFKS;" +
                           "sslTrustStoreLocation=safkeyring://<racfid>/<ringid>;" +
                           "sslTrustStorePassword=password;";
    java.sql.Connection con =
        java.sql.DriverManager.getConnection(connectionUrl, "dbuser", "dbpassword");
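
A preflight check for the key ring named in sslTrustStoreLocation, as an added example that is not IBM's own code: it confirms the safkeyring handler property is set, loads the ring as a JCERACFKS keystore, and lists each certificate with its validity state. It assumes a z/OS IBM Java runtime on which the ring can be opened through java.net.URL; the class name RacfKeyRingPreflight is hypothetical.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class): verify the RACF key ring before the driver uses it.
// Assumption: z/OS with an IBM Java runtime that provides the JCERACFKS keystore type.
public class RacfKeyRingPreflight {
    public static void main(String[] args) throws Exception {
        // Pass the same value that is given to sslTrustStoreLocation (placeholder default).
        String location = args.length > 0 ? args[0] : "safkeyring://racf-id/ring-id";
        if (!location.startsWith("safkeyring://")) {
            throw new IllegalArgumentException("Not a safkeyring URL: " + location);
        }
        // Without this property java.net.URL cannot resolve the safkeyring scheme.
        String pkgs = System.getProperty("java.protocol.handler.pkgs", "");
        if (!pkgs.contains("com.ibm.crypto.provider")) {
            throw new IllegalStateException(
                "Start the JVM with -Djava.protocol.handler.pkgs=com.ibm.crypto.provider");
        }
        KeyStore ring = KeyStore.getInstance("JCERACFKS");
        try (InputStream in = new URL(location).openStream()) {
            ring.load(in, "password".toCharArray()); // fixed value, same as the driver setting
        }
        int found = 0;
        for (String alias : Collections.list(ring.aliases())) {
            Certificate cert = ring.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            String state = "valid";
            try {
                x509.checkValidity(); // throws if expired or not yet valid
            } catch (CertificateException e) {
                state = "NOT VALID: " + e.getMessage();
            }
            System.out.printf("%s | %s | notAfter=%s | %s%n", alias,
                x509.getSubjectX500Principal().getName(), x509.getNotAfter(), state);
            found++;
        }
        if (found == 0) {
            throw new IllegalStateException("Key ring contains no certificates: " + location);
        }
    }
}
```

Run it under the same user ID and with the same JVM arguments as the application, since access to a key ring depends on the RACF identity of the caller.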