IBM Support

In Db2LUW how to do a SSL loopback catalog

Technical Blog Post


Abstract

In Db2LUW how to do a SSL loopback catalog

Body

Just wanted to share an example with sample database  on how to do a SSL  loopback in Db2LUW.


db2 catalog tcpip node LOOPNODE  remote  MYHOST  server 21212 security ssl

That  shows,

$ db2 list node directory

 Node Directory

 Number of entries in the directory = 1

Node 1 entry:

 Node name                      = LOOPNODE
 Comment                        =
 Directory entry type           = LOCAL
 Protocol                       = TCPIP
 Hostname                       = myhost
 Service name                   = 21212
 Security type                  = SSL


Uncatalog the current  default  catalog :
db2  uncatalog db  SAMPLE
db2 terminate
 
Then,
db2 catalog db SAMPLE  as   LOOPDB
db2 terminate
 
db2 catalog  db LOOPDB as  SAMPLE at node LOOPNODE
db2  terminate


That will show following  :

$ db2 list db directory

 System Database Directory

 Number of entries in the directory = 2

Database 1 entry:

 Database alias                       = LOOPDB
 Database name                        = SAMPLE
 Local database directory             = /home2/biswarup
 Database release level               = 10.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

Database 2 entry:

 Database alias                       = SAMPLE
 Database name                        = LOOPDB
 Node name                            = LOOPNODE
 Database release level               = 10.00
 Comment                              =
 Directory entry type                 = Remote
 Catalog database partition number    = -1
 Alternate server hostname            =
 Alternate server port number         =

 

After that  any  application or user    using  the externally  known  database  SAMPLE
will   go through  the SSL   protocol.

Just  to remind  anybody  intentionally  try to access using   hidden  LOOPDB  name  will be
able to do do  if  the user if  already authenticated locally.  
If  not authenticated  locally   they will  be asked to enter  userid and password.


In   addition to that following  could  be set to use  SSL  as a whole  :

dbm conifg  port    SSL_SVCENAME  for  client  connectivity.

And,  db2  registry
DB2COMM=SSL

 

[{"Business Unit":{"code":"BU029","label":"Data and AI"}, "Product":{"code":"SSEPGG","label":"DB2 for Linux- UNIX and Windows"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11139938