The IBM® Global Security
Kit (GSKit) supports the use of the SSL protocol to protect DB2® client server communications
over the network. In some situations, if you want to use SSL, you
might need to install GSKit yourself.
If both your client and the server are on
the same physical computer, you do not need to install GSKit. GSKit
is automatically installed with the DB2 database
server software.
Note: Starting with Version 9.7,
Fix Pack 1, when you install the 64-bit version of the DB2 server, the 32-bit GSKit libraries are automatically
included in the installation.
If the client is installed on a separate
computer, is "C" based, and uses SSL to communicate with servers,
you must install GSKit on that client. You can install the GSKit libraries
from the IBM DB2 Support Files for SSL Functionality DVD.
Alternatively, you can install from an image that you download from Passport Advantage®.
Note: If you are updating from IBM DB2 Data Server Client Version
9.7 Fix Pack 4 or earlier to Version 9.7 Fix Pack 5, you must update
any application that uses GSKit V7 to use GSKit V8 to prevent application
failure. In Passport Advantage, you can download the GSKit V8 libraries
by selecting the GSKit elements marked for the DB2 Version 10.1 release.
For more information on how to install the latest
supported version of GSKit libraries, refer to the IBM Global Security Kit
global installation instructions overview.
GSKit consists of subcomponents each contained in a separate package:
- GSKit Crypt: This package contains the cryptographic algorithms
that GSKit SSL depends on. GSKit Crypt is a prerequisite for a GSKit
SSL installation on all operating systems.
- GSKit SSL: This package contains the basic runtime support to
enable security calls, the use of the TLS protocol, and the capicmd keystore
management tool.
You need to install the GSKit Crypt package and then the GSKit
SSL package.
The following dependencies exist for SSL support between DB2 clients and servers:
- Your applications must be ANSI C compliant.
- You must use a reliable communication protocol that supports a
client server environment, such as TCP/IP.