Skip to main content

IBM DB2 for z/OS: Configuring TLS/SSL for Secure Client/Server Communications

An IBM Redpaper publication


Published on 23 February 2022, updated 25 February 2022

  1. .EPUB (0.5 MB)
  2. .PDF (2.9 MB)

Share this page:   

ISBN-10: 0738460281
ISBN-13: 9780738460284
IBM Form #: REDP-4799-02

Authors: Chris Meyer and Derek Tempongko

    menu icon


    This IBM® Redpaper publication provides information about how to set up and configure IBM Db2® for z/OS® with Transport Layer Security (TLS), which is the modern version of Secure Sockets Layer (SSL). This configuration is accomplished by using the IBM z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS) services.

    This paper also describes the steps for configuring TLS/SSL support for the IBM Data Server Driver Package (DS Driver) for IBM Data Server Provider for .NET, Open Database Connectivity (ODBC), and Call Level Interface clients to access a Db2 for z/OS server. In addition, this paper provides information about configuring that same support for the Java Database Connectivity (JDBC) and Structured Query Language for Java (SQLJ for Type 4 connectivity) clients.

    The information that is provided is applicable to Db2 12 for z/OS and Db2 11 for z/OS.

    Although we use z/OS V2R4 as the referenced release in this paper, the instructions, except for a TLSv1.3 configuration, are valid for releases as early as z/OS V2R1.

    Throughout the paper, we reference z/OS Security Server or IBM Resource Access Control Facility (IBM RACF®) in various contexts. It should be understood that anywhere we mention RACF, it implies any System Authorization Facility (SAF)-compliant external security manager.

    The intended audience for this paper includes network administrators, security administrators, and database administrators who want to set up and configure TLS/SSL support for Db2 for z/OS.

    This paper presents more information about the more general contents of Security Functions of IBM DB2 10 for z/OS, SG24-7959.

    Table of Contents

    Overview of AT-TLS

    Configuring Db2 for z/OS as a server with TLS/SSL support

    Configuring Db2 for z/OS as a requester with TLS/SSL support

    Configuring Java applications by using IBM DS Driver for JDBC and SQLJ to use TLS/SSL

    Configuring the IBM DS Driver non-Java interfaces: Command-line interface, ODBC, and .NET

    Configuring remote client applications to use TLS/SSL through a Db2 Connect server for Linux, UNIX, and Windows

    Client access to Db2 by using TLS/SSL client authentication

    Using the Microsoft truststore

    Using the Windows keystore


    Others who read this also read