Configuring Secure Sockets Layer (SSL) on Db2 and WebSphere

After enabling SSL on Db2 and WebSphere®, configure the application for SSL support.

Procedure

  1. Edit the <INSTALL_DIR>/properties/sandbox.cfg file and add the following property:
    ADDITIONAL_JAVA_JDBC_ARGS= -Djavax.net.ssl.trustStoreType=pkcs12 -Djavax.net.ssl.trustStore=<path_to_trust_store>\key.p12 -Djavax.net.ssl.trustStorePassword=<password>

    where <password> is the same password set when you created the trust store. Make sure to properly escape slashes in the value for the <path_to_trust_store> parameter. You can refer to the sandbox.cfg file for guidance on usage.

  2. Edit the <INSTALL_DIR>/properties/customer_overrides.properties file and set the following properties:
    jdbcService.db2.default.prop_sslConnection=true
    jdbcService.db2Pool.url=jdbc:db2://<ip_address>:<db2_ssl_port>/<db_name>
    jdbcService.db2Pool.datasource=<data_source_name>

    The port number in <db2_ssl_port> should be the same as the one specified when setting the Db2 property SSL_SVCENAME.

  3. Run the script <INSTALL_DIR>\bin\setupfiles.cmd (for Windows) or <INSTALL_DIR>/bin/setupfiles.sh (for UNIX or Linux®).
  4. Create the resource JAR using the following command:

    For Windows®: <INSTALL_DIR>/bin/deployer.cmd -t resourcejar

    For Unix: <INSTALL_DIR>/bin/deployer.sh -t resourcejar

  5. Re-create and re-deploy the smcfs.ear file. This file is the EAR package.
  6. In your WebSphere server configuration, under Generic JVM arguments, pass the following arguments:
    -Dvendor=websphere
    -DvendorFile=properties/servers.properties -DJAXWS_DEBUG=true -DJAXWS_HANDLER_DEBUG=true
    -Dssl.debug=true -Djavax.net.debug=true
  7. Restart your WebSphere application server.
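
The settings from steps 1 and 2 can be checked for consistency before the restart. The following Python sketch is an added example, not part of the product or the original procedure: the sample file contents, host, port, names and password are constructed, and it assumes that "properly escaped" means backslashes are doubled (or forward slashes are used) and that SSL_SVCENAME was set to a numeric port.

```python
import re

# Constructed sample inputs (not taken from a real installation).
SANDBOX_CFG = r"""
ADDITIONAL_JAVA_JDBC_ARGS= -Djavax.net.ssl.trustStoreType=pkcs12 -Djavax.net.ssl.trustStore=C:\\certs\\key.p12 -Djavax.net.ssl.trustStorePassword=changeit
"""
OVERRIDES = """
jdbcService.db2.default.prop_sslConnection=true
jdbcService.db2Pool.url=jdbc:db2://192.0.2.10:50001/OMDB
jdbcService.db2Pool.datasource=jdbc/OMDS
"""

def parse_props(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_ssl_config(sandbox_cfg, overrides, ssl_svcename_port):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    args = parse_props(sandbox_cfg).get("ADDITIONAL_JAVA_JDBC_ARGS", "")
    jvm = dict(re.findall(r"-D([\w.]+)=(\S+)", args))  # assumes no spaces in values
    if jvm.get("javax.net.ssl.trustStoreType", "").lower() != "pkcs12":
        problems.append("trustStoreType is not pkcs12")
    store = jvm.get("javax.net.ssl.trustStore", "")
    if not store:
        problems.append("trustStore path is missing")
    elif re.search(r"(?<!\\)\\(?!\\)", store):  # a lone backslash (assumed rule)
        problems.append("trustStore path has an unescaped backslash")
    if not jvm.get("javax.net.ssl.trustStorePassword"):
        problems.append("trustStorePassword is missing")
    props = parse_props(overrides)
    if props.get("jdbcService.db2.default.prop_sslConnection", "").lower() != "true":
        problems.append("prop_sslConnection is not true")
    url = props.get("jdbcService.db2Pool.url", "")
    m = re.fullmatch(r"jdbc:db2://([^:/]+):(\d+)/(\S+)", url)
    if not m:
        problems.append("db2Pool.url is not jdbc:db2://host:port/db")
    elif int(m.group(2)) != ssl_svcename_port:
        problems.append(f"URL port {m.group(2)} differs from SSL_SVCENAME port {ssl_svcename_port}")
    if not props.get("jdbcService.db2Pool.datasource"):
        problems.append("db2Pool.datasource is missing")
    return problems

if __name__ == "__main__":
    print(check_ssl_config(SANDBOX_CFG, OVERRIDES, 50001) or "settings are consistent")
```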