AWS Security ChangesHomeSearch

AWS AmazonRDS documentation change

Service: AmazonRDS · 2025-04-23 · Documentation low

File: AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md

Summary

Added detailed instructions for connecting to Db2 using Db2 CLP with SSL/TLS configuration steps

Security assessment

Documents SSL/TLS configuration procedures to secure database connections, but does not address a specific disclosed vulnerability or security incident.

Diff

diff --git a/AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md b/AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md
index eb82f6d01..2c78de004 100644
--- a//AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md
+++ b//AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md
@@ -250,0 +251,32 @@ Python
+Db2 CLP
+    
+
+###### To connect to your Db2 database server using Db2 CLP
+
+  1. To connect to your Db2 instance using Db2 CLP, you require GSKit. Download the software for your client from [ IBM Fix Central](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/IBM+Global+Security+Kit&release=All&platform=All&function=fixId&fixids=8.0.*&source=fc). Alternatively, you can either set up a thick client or have a run-time client download GSKit.
+
+  2. Create a keystore.
+    
+        gsk8capicmd_64 -keydb -create -db "directory/keystore-filename" -pw "changeThisPassword" -type pkcs12 -stash
+
+  3. Import the certificate bundles to the keystore.
+    
+        gsk8capicmd_64 -cert -import -file global-bundle.pem -target directory/keystore-filename> -target_stashed
+
+  4. Update the Db2 instance configuration. 
+    
+        db2 update dbm cfg using SSL_CLNT_KEYDB keystore-filename SSL_CLNT_STASH keystore stash file immediate
+
+  5. Catalog the node and database.
+    
+        db2 catalog tcpip node ssluse1 REMOTE endpoint ssl_svcename security ssl
+    
+    db2 catalog database testdb as ssltest at node ssluse1
+
+  6. Connect to the database.
+    
+        db2 connect to ssltest user username using password
+
+
+
+