
[8.0.7] SSL connection to DB2

[This topic is migrated from our old forums. The original author name has been removed]

I'm trying to get DBVis 8.0.7 to connect to a remote DB2 v9.7.5 database with SSL. (The remote database only supports SSL connections.) From the DB2 command-line (i.e. not java), I'm able to connect to the same database with SSL. Now I'm trying to get JDBC SSL connections from DB-VIS working. Has anyone else got SSL connections from DBV 8.0.7 to DB2 v9.7 working?

When I try an SSL connection, DBVis throws exception: "java.lang.InternalError: internal error: SHA-1 not available".

The laptop is Win-7 x64. The laptop has both JRE7 and JDK 1.7.0. DBVis seems to use the JRE7.

I imported the db2 server certificate into my cacerts file.

I changed java.security as per instructions here: http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.apdv.java.doc/src/tpc/imjcc_t0054066.html

I changed dbvis.vmoptions as follows:

    -Xmx512m
    -Djavax.net.ssl.trustStore=cacerts
    -Djavax.net.ssl.trustStorePassword=whatever
    -Dcom.ibm.jsse2.JSSEFIPS=true
    -DsslConnection=true

[This reply is migrated from our old forums.]

Re: [8.0.7] SSL connection to DB2
Hi Mike,

I have not tested this, but looking at the DB2 documentation, I see at least one thing in your configuration that is not correct. The "sslConnection=true" setting should be done as a driver property, not as a Java VM system property. So remove it from dbvis.vmoptions and instead add it under Driver Properties in the Properties tab for the connection.

I hope this helps.

Best Regards,
Hans

[This reply is migrated from our old forums. The original author name has been removed]

Re: [8.0.7] SSL connection to DB2
Hans,

I had already spotted and corrected that, although it did not resolve the issue (i.e. sslConnection=true is not a driver-property, removed from dbvis.vmoptions).

I suspect that the instructions for modifying the java.security file are incorrect or incomplete for Java 1.7. I reverted to trying to use the SunJSSE as the security provider (instead of using the IBM JSSE2 provider). This meant a change to java.security again.

Now the symptom has changed, although at least DBVis now successfully starts up, but it still cannot connect with SSL to DB2 because the connection attempt throws: java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.

This class (com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl) seems to be part of the standard Oracle Java 1.7 jre (in file jsse.jar in directory jre\lib). So I ensured that the system-environment-variable CLASSPATH includes this file, viz:

    CLASSPATH=C:\Program Files\IBM\SQLLIB\java\db2java.zip;C:\Program Files\IBM\SQLLIB\java\db2jcc.jar;C:\Program Files\IBM\SQLLIB\java\sqlj.zip;C:\Program Files\IBM\SQLLIB\java\db2jcc_license_cu.jar;C:\Program Files\IBM\SQLLIB\bin;C:\Program Files\IBM\SQLLIB\java\common.jar;.;C:\Program Files\Java\jre7\lib\jsse.jar

So now I can't see why the ClassNotFound exception happens when the relevant jarfile is present on the CLASSPATH.

Edited by: Mike on 16-Jan-2012 22:35

[This reply is migrated from our old forums.]

Re: [8.0.7] SSL connection to DB2
Hi Mike,

You should not have to change the CLASSPATH at all; the jsse.jar file should be included by default. In fact, adding things like this to the CLASSPATH may cause problems, because Java applies different rules for what a class can do depending on where it is loaded from.

To help you, I need some more information. First, exactly which JDBC driver are you using (vendor and version)? Please copy the information from the Connection Message area for the connection. Also, can you mail the java.security and dbvis.vmoptions files to support at dbvis.com?

Best Regards,
Hans

[This reply is migrated from our old forums. The original author name has been removed]

Re: [8.0.7] SSL connection to DB2
OK I emailed the requested information to support at dbvis.com for your attention. Thank you.
[This reply is migrated from our old forums. The original author name has been removed]

Re: [8.0.7] SSL connection to DB2
It seems that the problem symptom happens only with JRE7.

I configured a different workstation that used JRE6 (not JRE7) using the instructions provided by IBM at http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.apdv.java.doc/src/tpc/imjcc_t0054066.html. On that different workstation, DBVis 7.1.5 was installed and used JRE6 (1.6.0_29), and DBVis is successfully able to connect via SSL to the DB2 database, using the jdbc driver for db2 supplied by DBVis, and using the SunJSSE security provider without problems.

I need to find a way to get SSL connections-to-db2 via SunJSSE working with JRE7. I compared the JRE6 java.security file with that of JRE7 and there are several differences. But anyway, it appears this is not a problem of DBVis.

[This reply is migrated from our old forums. The original author name has been removed]

Re: [8.0.7] SSL connection to DB2
Thanks to support@dbvis.com for advice and support. The problem is resolved. DBVisualizer SSL connections to DB2 work fine with JRE7 1.7.0_02 on both x64 and x86 environments, when properly configured.

The solution is:

(1) For JRE7 only, ignore one detail of IBM's advice for SunJSSE at this URL: http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/com.ibm.db2.udb.apdv.java.doc/doc/t0054066.htm

For JRE7 with SunJSSE, do *not* add these 2 lines to java.security:

    ssl.SocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    ssl.ServerSocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl

(Note: these two lines work with JRE6 only, but they break JRE7 1.7.0_02 b13 at least.)

(2) Add a driver property sslConnection=true to the DBVisualiser connection.

(3) If you are using the default cacerts file that comes with the JRE7, there's no need for any system property or driver property to identify it. If you specify a "javax.net.ssl.trustStore" driver-property, then ensure the filename is fully qualified (else you may get exception "the trustAnchors parameter must be non-empty"). If you are using your own truststore (not cacerts), and/or a non-default password, then give relevant driver properties to DBVisualiser on the connection.

[This reply is migrated from our old forums.]

Re: [8.0.7] SSL connection to DB2
Hi Mike, I'm glad you figured it out. Thanks for posting the summary here. I'm sure it will save others a lot of work. Best Regards, Hans
[This reply is migrated from our old forums. The original author name has been removed]

Re: [8.0.7] SSL connection to DB2
For JRE7 with SunJSSE, try to use these 2 lines for java.security:

    ssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl
    ssl.ServerSocketFactory.provider=sun.security.ssl.SSLServerSocketFactoryImpl

The path has changed for these two classes.

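A pre-flight check for the two failure modes reported in the posts above (a java.security socket-factory override naming a class the running JRE cannot load, and a trust store path that is not fully qualified), followed by a test connection with sslConnection=true passed as a driver property. This is an added example, not code from any poster or from DbVisualizer; the class name Db2SslCheck, the DB2_PASSWORD environment variable and the command-line arguments are assumptions, and the trust store is read from the javax.net.ssl.trustStore system property.

```java
import java.io.File;
import java.security.Security;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;

// Added example: Db2SslCheck and DB2_PASSWORD are hypothetical names.
public class Db2SslCheck {

    // A java.security override naming a class this JRE lacks breaks SSL sockets.
    static String checkFactory(String key) {
        String cls = Security.getProperty(key);
        if (cls == null) return null;            // no override: JRE default is used
        try {
            Class.forName(cls, false, ClassLoader.getSystemClassLoader());
            return null;
        } catch (ClassNotFoundException | LinkageError e) {
            return key + "=" + cls + " cannot be loaded by this JRE";
        }
    }

    // A relative trust store path is resolved against the working directory.
    static String checkTrustStore() {
        String path = System.getProperty("javax.net.ssl.trustStore");
        if (path == null) return null;           // JRE default cacerts is used
        File f = new File(path);
        if (!f.isAbsolute()) return "trustStore is not fully qualified: " + path;
        return f.isFile() ? null : "trustStore not found: " + path;
    }

    public static void main(String[] args) throws Exception {
        String[] findings = { checkFactory("ssl.SocketFactory.provider"),
            checkFactory("ssl.ServerSocketFactory.provider"), checkTrustStore() };
        boolean ok = true;
        for (String f : findings) {
            if (f != null) { ok = false; System.err.println("FAIL: " + f); }
        }
        String pw = System.getenv("DB2_PASSWORD");
        if (!ok || args.length < 2 || pw == null) return;  // args: jdbc:db2://host:port/db user

        Class.forName("com.ibm.db2.jcc.DB2Driver");
        Properties props = new Properties();
        props.setProperty("user", args[1]);
        props.setProperty("password", pw);
        props.setProperty("sslConnection", "true");  // driver property, not a -D option
        try (Connection c = DriverManager.getConnection(args[0], props)) {
            System.out.println("SSL OK: " + c.getMetaData().getDatabaseProductVersion());
        }
    }
}
```

Run it with the same JRE and the same -D options that DbVisualizer uses, with the DB2 JDBC driver jar on the class path, so the checks see the configuration the application sees.
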
[This reply is migrated from our old forums.]

Re: [8.0.7] SSL connection to DB2
Hi Carmen, Thanks for the information! Best Regards, Hans