Configuring TLS support in a Db2 server using a self-signed certificate

The Db2 database system supports Transport Layer Security (TLS), which means that a Db2 client application that also supports TLS can connect to a Db2 database by using a TLS socket. Applications that support TLS include CLI, CLP, and .Net Data Provider client applications, as well as applications that use the IBM® Data Server Driver for JDBC and SQLJ for type 4 connections.

Before you begin

This task configures a Db2® server for TLS support by using a self-signed certificate.

To configure TLS by using a CA-signed certificate, see Configure TLS support in a Db2 Server using a CA-signed certificate.
To configure TLS by using a third-party-provided certificate chain and private key, see Configuring TLS support in a Db2 server using a certificate chain.

About this task

To configure TLS support for a Db2 server by using a self-signed certificate, you need to complete the following sub-tasks:

Create a keystore using IBM Global Security Kit (GSKit).
Create a self-signed certificate.
Extract the certificate for distribution to clients.
Configure TLS support for the Db2 server.