DRDA w/SSL

  • 1.  DRDA w/SSL

    Posted Mon December 07, 2020 05:13 PM

    Has anyone here had any luck getting a client connected to Informix using the IBM DRDA protocol over SSL? I opened a case on this some months ago and the DB2 and Informix sides of the fence just kept punting back and forth.

    Setting up a drsocssl listener on the engine side is simple enough. But the Informix documentation for setting up DRDA connections doesn't even mention SSL, and doesn't list any parameters such as how to specify SSL and where to find the trust store.



    ------------------------------
    TOM GIRSCH
    ------------------------------


  • 2.  RE: DRDA w/SSL

    Posted Tue December 08, 2020 05:48 AM
    Tom:

    Did you check out the DB2 docs:

    Connecting to a Db2 database with SSL | IBM Db2 Warehouse


    ------------------------------
    Art S. Kagel, President and Principal Consultant
    ASK Database Management Corp.
    www.askdbmgt.com
    ------------------------------



  • 3.  RE: DRDA w/SSL

    Posted Tue December 08, 2020 08:22 AM

    The IBM support team sent me to a documentation page but it wasn't terribly helpful. We tried setting Security=ssl and SSLClientKeystoredb / SSLClientKeystash to point to the trust store, but those parameters seem to be DB2 database driver specific and are either ignored or rejected when connecting to Informix.

     

    This is where the DB2 side of the fence sent me:

    https://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0053518.html

    The Informix side of the fence punted completely.

  • 4.  RE: DRDA w/SSL

    Posted Tue December 08, 2020 10:46 AM

    Seems we got it working. This appears to be the magic combination:

    ```
    <add name="mydb" connectionString="Max Pool Size=50;Security=ssl;SSLClientKeystoredb=client.kdb;SSLClientKeystash=client.sth;userid=myuser;password=mypass;database=mydb;server=myserver.mydomain.com:myport" providerName="IBM.Data.Informix" />
    ```

    I'm checking with the developer to see where he had to put the client.kdb and client.sth files to eliminate the need to specify an explicit path.



    ------------------------------
    TOM GIRSCH
    ------------------------------
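
Added example, not part of the thread and not IBM's code: a small Python audit that reads a .NET config file and checks every `IBM.Data.Informix` connection string for the TLS keywords from the working string in post 4 (`Security=ssl`, `SSLClientKeystoredb`, `SSLClientKeystash`). The sample config, the `legacy` entry and the function names are constructed for illustration; treating relative keystore paths and an inline password as findings is a choice made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample config; all names and values are placeholders.
SAMPLE_CONFIG = """<configuration><connectionStrings>
  <add name="mydb" connectionString="Max Pool Size=50;Security=ssl;SSLClientKeystoredb=client.kdb;SSLClientKeystash=client.sth;userid=myuser;password=mypass;database=mydb;server=myserver.mydomain.com:myport" providerName="IBM.Data.Informix" />
  <add name="legacy" connectionString="userid=myuser;password=mypass;database=mydb;server=myserver.mydomain.com:myport" providerName="IBM.Data.Informix" />
</connectionStrings></configuration>"""

# Keystore keywords taken from the working connection string in the thread.
KEYSTORE_KEYS = ("sslclientkeystoredb", "sslclientkeystash")

def parse_connection_string(cs):
    """Split 'k=v;k=v' into a dict with lower-cased, stripped keys."""
    pairs = {}
    for part in cs.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs

def audit_config(xml_text, provider="IBM.Data.Informix"):
    """Return {entry name: [findings]} for every entry using the provider."""
    report = {}
    for add in ET.fromstring(xml_text).iter("add"):
        if add.get("providerName") != provider:
            continue
        kv = parse_connection_string(add.get("connectionString", ""))
        findings = []
        if kv.get("security", "").lower() != "ssl":
            findings.append("Security=ssl not set")
        for key in KEYSTORE_KEYS:
            path = kv.get(key)
            if not path:
                findings.append(f"{key} missing")
            elif not (path.startswith(("/", "\\")) or path[1:3] in (":\\", ":/")):
                # Where a relative path resolves is the open question in post 4.
                findings.append(f"{key} is a relative path: {path}")
        if "password" in kv:
            findings.append("password stored in clear text in config")
        report[add.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or ["ok"])
```
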