AWS AmazonRDS documentation change
Summary
Added detailed instructions for connecting to Db2 using Db2 CLP with SSL/TLS configuration steps
Security assessment
Documents SSL/TLS configuration procedures to secure database connections, but does not address a specific disclosed vulnerability or security incident.
Diff
diff --git a/AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md b/AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md index eb82f6d01..2c78de004 100644 --- a//AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md +++ b//AmazonRDS/latest/UserGuide/Db2.Concepts.SSL.md @@ -250,0 +251,32 @@ Python +Db2 CLP + + +###### To connect to your Db2 database server using Db2 CLP + + 1. To connect to your Db2 instance using Db2 CLP, you require GSKit. Download the software for your client from [ IBM Fix Central](https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/IBM+Global+Security+Kit&release=All&platform=All&function=fixId&fixids=8.0.*&source=fc). Alternatively, you can either set up a thick client or have a run-time client download GSKit. + + 2. Create a keystore. + + gsk8capicmd_64 -keydb -create -db "directory/keystore-filename" -pw "changeThisPassword" -type pkcs12 -stash + + 3. Import the certificate bundles to the keystore. + + gsk8capicmd_64 -cert -import -file global-bundle.pem -target directory/keystore-filename> -target_stashed + + 4. Update the Db2 instance configuration. + + db2 update dbm cfg using SSL_CLNT_KEYDB keystore-filename SSL_CLNT_STASH keystore stash file immediate + + 5. Catalog the node and database. + + db2 catalog tcpip node ssluse1 REMOTE endpoint ssl_svcename security ssl + + db2 catalog database testdb as ssltest at node ssluse1 + + 6. Connect to the database. + + db2 connect to ssltest user username using password + + + +