Can anyone tell me connection string for Excel VBA Connect to IBM DB2 via SSL Port . DB2 server platform is Linux.
I have a javakeystore created as well with a password. having hard time finding proper documentation or previous stack questions that provide complete answers.
I tried below-
Provider=IBMDADB2;Database= xxx;Hostname= xxxx Protocol=TCPIP;Port=25020;UID= xxx ;Pwd=
;sslConnection=true;sslTrustStoreLocation= C:/Temp/xxx.jks ;sslTrustStorePassword=
"
You cannot use a Java keystore (jks) file with a NON-java ODBC driver. The java keystore is only for jdbc apps and java-drivers (e.g. for ibm i-series). IBM's ODBC drivers for Db2-LUW are written in 'c/c++', not java.
You have to choose where the Db2 driver should get the certificate, and there are three places to get it from!
If your Db2-driver is supplied by IBM , and you are accessing Db2-LUW databases then your options are below:
(1) use no keystore, specify the key file (i.e the certificate file) via the
SSLServerCertificateconnection attribute in your connection-string. This is the simplest method. It is suitable when only a single certificate is needed. Your certificate file has to be in a specific format, and you have to specify the absolute (fully qualified) pathname to your certificate file as the value of theSSLServerCertificate=/path/to/keyfileattribute. In this case your connection string must not include anysslTrustStoreLocationorsslTrustStorePasswordkeywords. Study the docs here. Of course, you have to protect that certificate file , via appropriate permissions, to stop other people from using it. For example:SecurityTransportMode=SSL;SSLServerCertificate=c:\users\userxxx\Documents\myserver_cert.arm;...(2) use a keystore created and populated by IBM's GSK8 toolkit. GSK8 is included with larger DB2-client software, and is also included with the Db2-LUW local client. It is also separately downloadable and well documented by IBM. This is most suitable when you have multiple certificates, or two or more certificates are needed in a chain. Or you want to centrally manage your keystores via IBM command-line-methods. Study the docs here and on all related linked pages.
(3) Use the Microsoft Windows keystore ( Microsoft Certificate Store). In this case you tell IBM's DB2 driver to extract the key from the Microsoft-Windows system keystore. This is suitable when you use the Microsoft toolset to centrally manage the distribution, revoking and updating of certificates. You can also use with for accessing certificates stored on a smart card. Db2 can integrate with the Microsoft Certificate Store (mscs). You specify this on the connection string
SSLClientKeystoredb=GSK_MS_CERTIFICATE_STORE. Study the documentation here and on all related pages.