Configuring TLS Support in a Db2 Server using a certificate chain

The Db2 database system supports Transport Layer Security (TLS), which means that a Db2 client application that also supports TLS can connect to a Db2 database by using a TLS socket. Applications that support TLS include CLI, CLP, and .Net Data Provider client applications, as well as applications that use the IBM® Data Server Driver for JDBC and SQLJ for type 4 connections.

Before you begin

This task configures a Db2® server for TLS support by using a ready-made certificate chain and private key that is provided by a third party.

To configure TLS by using a self-signed certificate, see Configure TLS support in a Db2 server using a self-signed certificate.
To configure TLS by using a CA-signed certificate, see Configure TLS support in a Db2 Server using a CA-signed certificate.

About this task

To configure TLS support for a Db2 server by using a CA-signed certificate, you need to complete the following sub-tasks:

Create a keystore using IBM Global Security Kit (GSKit).
Add a certificate chain.
Configure TLS support for the Db2 server.