Recently, one of my customers come up with a new requirement: end-to-end encryption, this including the communication to DB.
There are several mechanisms that can be used to implement an encrypted communication layer between App Server (WAS) and DB Server (DB2) but some of them incur additional costs for additional hardware to be used or will add additional limitations to your systems.
Since we just migrate to DB2 v9.x recently, I opted for a different approach: JDBC over SSL solution. In 5 minutes, you can get details on how to configure DB2 to handle SSL connections (instead of the classic TCP/IP), so I will not talk too much about it, but was a bit challenging to make it work on WAS. Maybe because is so damn simple…
On DB2 side, all you need to do is to create a SSL config file to point to the newely created SSL key, then to set DB2COMM registry variable value to SSL:
db2set -i <instance name> DB2COMM=SSL
and restart the instance to activate the change.
On the WebSphere side… took me a while till I figure it out and make it work. I started by importing the key in the Trust Store. Then I realized, checking the system logs, that the problem is caused by the use of an incorrect communication method in com.ibm.db2.jcc.DB2ConnectionPoolDataSource, which is by default set to TCP/IP.
After that, everything become easy :) All that need to do is actually to add another custom property to the respective datasource to set the sslConnection property to true. Once this is added and the node/server restarted, everything works fine. Easy!