AT-TLS configuration
Before Db2 can take advantage of AT-TLS support, you must complete the following configurations:
- PROFILE.TCPIP configuration
You can specify the TTLS or NOTTLS parameter on the TCPCONFIG statement in PROFILE.TCPIP to control whether the TCP/IP stack uses AT-TLS support.
- TCP/IP stack access control configuration
To protect TCP/IP connections, you can configure the RACF® EZB.INITSTACK.sysname.tcpname resource in the SERVAUTH class to block all stack access except for the user IDs that are permitted to use the resource.
- Policy configuration
The policy agent provides AT-TLS policy rules to the TCP/IP stack. Each rule defines a set of security conditions that the policy agent compares to the conditions at the connection that it is checking. When the policy agent finds a match, it assigns the connection to the actions that are associated with the rule.
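The three configurations together, as an added sketch that is not taken from the original page or from IBM's samples. The user ID PAGENTID, the port 4801, the job name DSNDIST, the key ring name, and all rule and action names are placeholders; sysname and tcpname stand for your system and TCP/IP stack names.

```text
--- PROFILE.TCPIP: enable AT-TLS for the stack ---

TCPCONFIG TTLS

--- RACF (TSO commands): block stack access except for permitted user IDs ---

SETROPTS CLASSACT(SERVAUTH) RACLIST(SERVAUTH)
RDEFINE SERVAUTH EZB.INITSTACK.sysname.tcpname UACC(NONE)
PERMIT EZB.INITSTACK.sysname.tcpname CLASS(SERVAUTH) ID(PAGENTID) ACCESS(READ)
SETROPTS RACLIST(SERVAUTH) REFRESH

--- Policy agent AT-TLS policy file: one rule and its actions ---

# Conditions: inbound connections to the placeholder secure port,
# owned by the placeholder Db2 DDF address space job name.
TTLSRule                      Db2SecureServerRule
{
  LocalPortRange              4801
  JobName                     DSNDIST
  Direction                   Inbound
  TTLSGroupActionRef          Db2SecureGroupAct
  TTLSEnvironmentActionRef    Db2SecureEnvAct
}

# Actions assigned to any connection that matches the rule.
TTLSGroupAction               Db2SecureGroupAct
{
  TTLSEnabled                 On
}

TTLSEnvironmentAction         Db2SecureEnvAct
{
  HandshakeRole               Server
  TTLSKeyRingParms
  {
    Keyring                   DB2KEYRING
  }
}
```

A connection that matches none of the rule's conditions is not assigned these actions, so keep the port and job name conditions in line with the secure port that Db2 actually listens on.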