You can configure SSL for a secure connection between Sterling B2B Integrator and DB2 during runtime.
The TLS version is not set on Sterling B2B Integrator for SSL communication with the DB2 server; it is determined by the SSL_VERSIONS parameter set on the DB2 server. To determine the SSL versions set on the DB2 server, run:
db2 get dbm cfg | grep SSL
See the image below for reference.
Check that the DB2 driver supports the required TLS version. Make sure you are using the correct DB drivers for your security requirements, which can facilitate the TLS communication between the application and database.
For more information on how to configure SSL on a DB2 instance, see IBM DB2 Documentation.
At present, Sterling B2B Integrator supports the SSL encryption mechanism using Java Key Store (JKS) files.
To convert the DB2 server key files b2biclient.arm or b2biclient.cer, use the following commands:
keytool -import -noprompt -trustcacerts -alias b2bidb2 -file b2biclient.arm -keystore key.jks -storepass password -keypass password
keytool -import -v -trustcacerts -alias keyAlias -file server.cer -keystore cacerts.jks -keypass changeit
Note: The keytool is located in the <B2Bi_install>/jdk/bin directory.
Note:
- The SSL feature is configured on DB2 v11.1 or later versions.
- At present, only one-way SSL is supported.
- Download the JDBC driver from DB2 JDBC Driver Versions and Downloads.
- Stop the Sterling B2B Integrator services.
- Install DB2 with the SSL option.
- Access sandbox.cfg from the Sterling B2B Integrator installation directory. Find the non-SSL ports and replace them with SSL ports.
  - DB2_PORT
  - DB_PORT
  - YANTRA_DB_PORT
  - sslConnection = true
  For example: If SSL is configured on port 55000, then the ports must be updated as:
  - DB2_PORT=55000
  - DB_PORT=55000
  - YANTRA_DB_PORT=55000
- Go to the Sterling B2B Integrator installation directory and navigate to the Properties folder. Back up the following files before you update them.
  - jdbc.properties.in
  - jdbc.properties_platform_ifcresources_ext.in
- Specify the following parameters:
Parameter Name | Description | Optional or Mandatory
key.jks | File name in the modified URL for DB2 SSL setup. | Mandatory
password | Password for the truststore file. | Mandatory
Find the base JDBC URL for the following database pools and update it with the SSL configured URLs in:
  - jdbc.properties.in file.
    - db2Pool
    - db2Pool_local
    - db2Pool_NoTrans
    For example: The base JDBC URL is updated with the SSL URLs for the above mentioned pools.
    Existing JDBC URL - db2Pool.url=jdbc:db2://<IP address of DB2 server:port number>/B2Bi
    db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi
    Modified JDBC URLs:
    db2Pool - db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
    db2Pool_local - db2Pool_local.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
    db2Pool_NoTrans - db2Pool_NoTrans.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
  - jdbc.properties_platform_ifcresources_ext.in file.
    For example: The base JDBC URL is updated with the SSL URLs for the above mentioned pools.
    Existing JDBC URL - db2Pool.url=jdbc:db2://<IP address of DB2 server:port number>/B2Bi
    db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi
    Modified JDBC URLs:
    db2ArchivePool - db2ArchivePool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
    db2UIPool - db2UIPool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
- Run setupfiles.sh for Linux/Unix and setupfiles.cmd for Windows.
- Run deployer.sh for Linux/Unix and deployer.cmd for Windows.
- Restart the Sterling B2B Integrator services.
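The following check is an added example, not part of the IBM documentation: before running setupfiles, it reads the edited sandbox.cfg and JDBC properties text and reports any pool whose URL lacks the SSL properties or does not use the port set in DB_PORT, so that no pool is left on a non-SSL connection. It assumes the URLs hold literal host and port values as in the examples above; the function names, the host dbhost and the trust store path /opt/ssl/key.jks are hypothetical.

```python
import re

URL_RE = re.compile(r"^jdbc:db2://([^:/]+):(\d+)/([^:/]+)(?::(.*))?$")
REQUIRED = ("sslConnection", "sslTrustStoreLocation", "sslTrustStorePassword")

def read_properties(text):
    """Parse key=value lines, skipping # comments and lines without '='."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not key.lstrip().startswith("#"):
            props[key.strip()] = value.strip()
    return props

def parse_db2_url(url):
    """Return (port, {property: value}) for a literal jdbc:db2:// URL."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not a literal jdbc:db2://host:port/db URL")
    return int(m.group(2)), dict(p.split("=", 1) for p in (m.group(4) or "").split(";") if "=" in p)

def check_pools(jdbc_text, sandbox_text, pools):
    """List every pool whose URL would not use SSL on the configured DB_PORT."""
    jdbc = read_properties(jdbc_text)
    ssl_port = int(read_properties(sandbox_text)["DB_PORT"])
    findings = []
    for pool in pools:
        try:
            port, props = parse_db2_url(jdbc.get(pool + ".url", ""))
        except ValueError as exc:
            findings.append(f"{pool}: {exc}")
            continue
        bad = [k for k in REQUIRED if not props.get(k)
               or (k == "sslConnection" and props[k].lower() != "true")]
        if bad:
            findings.append(f"{pool}: missing or wrong {', '.join(bad)}")
        if port != ssl_port:
            findings.append(f"{pool}: port {port} differs from DB_PORT {ssl_port}")
    return findings

# Constructed sample input: hypothetical host and trust store path.
SANDBOX = "DB2_PORT=55000\nDB_PORT=55000\nYANTRA_DB_PORT=55000\n"
SSL = ":sslConnection=true;sslTrustStoreLocation=/opt/ssl/key.jks;sslTrustStorePassword=password"
JDBC = (f"db2Pool.url=jdbc:db2://dbhost:55000/B2Bi{SSL}\n"
        "db2Pool_local.url=jdbc:db2://dbhost:55000/B2Bi\n"
        f"db2Pool_NoTrans.url=jdbc:db2://dbhost:50000/B2Bi{SSL}\n")

if __name__ == "__main__":
    for finding in check_pools(JDBC, SANDBOX, ["db2Pool", "db2Pool_local", "db2Pool_NoTrans"]):
        print(finding)
```

An empty result means every listed pool carries all three SSL properties and connects on DB_PORT; pass the db2ArchivePool and db2UIPool names when checking jdbc.properties_platform_ifcresources_ext.in.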