AT-TLS configuration

Before Db2 can take advantage of AT-TLS support, you must complete a set of required configurations.

Complete the following configurations so that Db2 can use AT-TLS support:

  • PROFILE.TCPIP configuration

    Specify the TTLS or NOTTLS parameter on the TCPCONFIG statement in PROFILE.TCPIP to control whether the TCP/IP stack uses AT-TLS support.

  • TCP/IP stack access control configuration

    To protect TCP/IP connections, you can configure the RACF® EZB.INITSTACK.sysname.tcpname resource in the SERVAUTH class to block all stack access except for the user IDs that are permitted to use the resource.

  • Policy configuration

    The policy agent provides AT-TLS policy rules to the TCP/IP stack. Each rule defines a set of security conditions that the policy agent compares to the conditions at the connection that it is checking. When the policy agent finds a match, it assigns the connection to the actions that are associated with the rule.
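
The three configurations above, side by side, as an added example that is not taken from the original page or from IBM's samples. The port 4801, the job name DB2ADIST, the user ID PAGENTID, the key ring DB2AKEYRING, and the rule and action names are hypothetical; sysname and tcpname are the placeholders from the resource name above. Each part belongs in a different place, as its heading comment states.

```text
; --- Part 1: PROFILE.TCPIP ---
; TTLS turns AT-TLS support on for this stack; NOTTLS turns it off.
TCPCONFIG TTLS

/* --- Part 2: RACF commands --- */
/* UACC(NONE) blocks stack access for every user ID that is not        */
/* explicitly permitted to the resource.                               */
/* PAGENTID is a hypothetical user ID that is allowed to use the stack. */
SETROPTS CLASSACT(SERVAUTH) RACLIST(SERVAUTH)
RDEFINE SERVAUTH EZB.INITSTACK.sysname.tcpname UACC(NONE)
PERMIT EZB.INITSTACK.sysname.tcpname CLASS(SERVAUTH) ID(PAGENTID) ACCESS(READ)
SETROPTS RACLIST(SERVAUTH) REFRESH

# --- Part 3: AT-TLS policy file that the policy agent reads ---
# Conditions: inbound connections to the hypothetical Db2 secure port
# 4801 that is owned by the hypothetical job DB2ADIST.
TTLSRule                      DB2ASecureServer
{
  LocalPortRange              4801
  Jobname                     DB2ADIST
  Direction                   Inbound
  TTLSGroupActionRef          DB2ASecureGrpAct
  TTLSEnvironmentActionRef    DB2ASecureEnvAct
}

# Actions that a matching connection is assigned to.
TTLSGroupAction               DB2ASecureGrpAct
{
  TTLSEnabled                 On
}

TTLSEnvironmentAction         DB2ASecureEnvAct
{
  HandshakeRole               Server
  TTLSKeyRingParms
  {
    Keyring                   DB2AKEYRING
  }
}
```

A connection that matches no TTLSRule is not assigned to these actions, so the conditions must cover every port on which Db2 is expected to accept protected connections.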