Technical Blog Post
Abstract
How to do an SSL loopback catalog in Db2 LUW
Body
This post shares an example, using the sample database, of how to do an SSL loopback in Db2 LUW.
db2 catalog tcpip node LOOPNODE remote MYHOST server 21212 security ssl
The node directory then shows:
$ db2 list node directory
Node Directory
Number of entries in the directory = 1
Node 1 entry:
Node name = LOOPNODE
Comment =
Directory entry type = LOCAL
Protocol = TCPIP
Hostname = myhost
Service name = 21212
Security type = SSL
Uncatalog the current default catalog entry for SAMPLE:
db2 uncatalog db SAMPLE
db2 terminate
Then,
db2 catalog db SAMPLE as LOOPDB
db2 terminate
db2 catalog db LOOPDB as SAMPLE at node LOOPNODE
db2 terminate
The database directory will then show the following:
$ db2 list db directory
System Database Directory
Number of entries in the directory = 2
Database 1 entry:
Database alias = LOOPDB
Database name = SAMPLE
Local database directory = /home2/biswarup
Database release level = 10.00
Comment =
Directory entry type = Indirect
Catalog database partition number = 0
Alternate server hostname =
Alternate server port number =
Database 2 entry:
Database alias = SAMPLE
Database name = LOOPDB
Node name = LOOPNODE
Database release level = 10.00
Comment =
Directory entry type = Remote
Catalog database partition number = -1
Alternate server hostname =
Alternate server port number =
After that, any application or user connecting to the externally known database SAMPLE
will go through the SSL protocol.
As a reminder, anybody who intentionally connects using the hidden LOOPDB name will still be
able to do so if the user is already authenticated locally.
If not authenticated locally, they will be asked to enter a user ID and password.
In addition, the following can be set to use SSL as a whole:
the dbm config port SSL_SVCENAME for client connectivity,
and the Db2 registry variable
DB2COMM=SSL
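As an added check (not part of the original post), the shell function below reads saved output of `db2 list node directory` and `db2 list db directory` and reports, for each database alias, whether it is routed through a node whose security type is SSL or is a local entry such as LOOPDB. The function and file names are hypothetical, and the embedded listings are constructed from the output shown above.

```shell
# Constructed sample listings, trimmed from the output shown on this page.
sample_nodes() { cat <<'EOF'
Node 1 entry:
Node name = LOOPNODE
Protocol = TCPIP
Hostname = myhost
Service name = 21212
Security type = SSL
EOF
}
sample_dbs() { cat <<'EOF'
Database 1 entry:
Database alias = LOOPDB
Database name = SAMPLE
Directory entry type = Indirect
Database 2 entry:
Database alias = SAMPLE
Database name = LOOPDB
Node name = LOOPNODE
Directory entry type = Remote
EOF
}

# audit_ssl NODE_LISTING DB_LISTING  -> one line per alias: "<alias> <verdict>"
# Real input: db2 list node directory > nodes.txt; db2 list db directory > dbs.txt
audit_ssl() {
  awk -F' *= *' '
    function flush() {              # emit verdict for the entry just finished
      if (alias == "") return
      if (type == "Remote")
        print alias, (sec[node] == "SSL" ? "SSL via " node : "NOT-SSL via " node)
      else
        print alias, "LOCAL, not via SSL node"
      alias = type = node = ""
    }
    { sub(/^[ \t]+/, "", $1) }      # real db2 output indents each field
    FNR == NR && $1 == "Node name"     { n = $2; next }       # first file: nodes
    FNR == NR && $1 == "Security type" { sec[n] = $2; next }
    FNR == NR { next }
    /entry:/                     { flush() }                  # second file: databases
    $1 == "Database alias"       { alias = $2 }
    $1 == "Node name"            { node = $2 }
    $1 == "Directory entry type" { type = $2 }
    END { flush() }
  ' "$1" "$2"
}

# Demo on the constructed samples.
tmp=$(mktemp -d); sample_nodes > "$tmp/n"; sample_dbs > "$tmp/d"
audit_ssl "$tmp/n" "$tmp/d"; rm -rf "$tmp"
```

Any alias reported as LOCAL or NOT-SSL is a path to the database that does not use the SSL node, which is the LOOPDB case described above.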
UID
ibm11139938