How to configure a secure DB2 Connection in TDM Portal and FDM



Article ID: 227241


Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

We are implementing a more secure layer for databases and bringing it to TLS 1.2. Also, I have received our new DB2 certificates file, and imported them into a truststore file.

How do we set up a secure connection to the DB2 database in TDM Portal and FDM?

Environment

All supported releases of TDM Portal and FDM

Resolution

To create a DB2 connection profile in TDM Portal that uses a secured SSL connection, you would need to do the following:

  1. As an Administrator user in TDM Portal, go to the Configuration -> Connection Profile page.
  2. Select the New Profile button.
  3. In the Add New Connection Profile page, provide the required information in the following fields:
    • Profile Name - this will be the name you give to your Connection Profile

    • Description - a description to describe this connection profile

    • DBMS - set to DB2, or DB2/AS400

    • Server - provide the name of the server hosting the DB2 database

    • Port - optional, but if you know the listener port the DB2 is using, this would be helpful

    • User Name - user name of the DB2 account

    • Password - password used by this user

    • Additional Connection Properties - This is important, because it sets the SSL connection parameters used for the DB2 connection:
      sslConnection=true;sslTrustStoreLocation=[path to the keystore file or a truststore file];sslTrustStorePassword=[your store password];CryptoProtocolVersion=TLSv1.2;

      Where:
      1) sslTrustStoreLocation is the path to the TrustStore file containing the DB2 certificates
      2) sslTrustStorePassword is the password needed to access the TrustStore file

The embedded Java JRE, Java 1.8.0_412 (TDM/FDM 4.10.x) or Java 17.0.11+9 (TDM/FDM 4.11.x), by default allows only TLS1.2 connections and, for Java 17, TLS1.3 connections. All other protocols are disabled. If you need to enable an older protocol, for instance, TLS1.1, then you will need to do the following:

  1. Open a Windows File Explorer and navigate to:
    • C:\Program Files\CA\CA Test Data Manager Portal\jre\lib\security (Java 1.8)
    • C:\Program Files\CA\CA Test Data Manager Portal\jre\conf\security (Java 17)
  2. Open the java.security file.
  3. In a text editor of your choice, such as Notepad++, search for jdk.tls.disabledAlgorithms.
  4. Remove the protocol you wish to use from this list, for example, TLS1.1 (written as TLSv1.1 in the file).
  5. Save the changes.
  6. Restart the CA Test Data Manager Portal service for the change to take effect. The file is read when Tomcat is started.

This also applies to FDM. You can do similar steps to configure an FDM connection to use SSL when connecting to DB2. If you enable TLS1.1 for the Portal, then you will also want to do the same for the embedded JRE used by FDM. See the following KB: TLS error during FDM masking of SSL data source.
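To confirm afterwards which legacy protocols an edited java.security file leaves enabled, on either the Portal or the FDM JRE, the following added example (not part of the original KB or the product's code) parses the jdk.tls.disabledAlgorithms entry. The function names and the sample file content are constructed for illustration.

```python
import re
import sys

LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")  # protocols older than TLS 1.2

# Constructed sample, not copied from a real installation: TLSv1.1 was removed.
SAMPLE = """\
# jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1 (commented-out original)
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""

def disabled_algorithms(text):
    """Return the entries of jdk.tls.disabledAlgorithms, or None if unset."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        if line.endswith("\\"):           # value continues on the next line
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf)
    value = None
    for line in logical:
        m = re.match(r"jdk\.tls\.disabledAlgorithms\s*[=:]\s*(.*)", line)
        if m:
            value = m.group(1)            # last definition wins
    if value is None:
        return None
    return [e.strip() for e in value.split(",") if e.strip()]

def reenabled_legacy(text):
    """List the pre-TLS 1.2 protocols that the file no longer disables."""
    entries = disabled_algorithms(text)
    if entries is None:
        return list(LEGACY)               # property missing: nothing is disabled
    return [p for p in LEGACY if p not in entries]

if __name__ == "__main__":
    # Pass the path to java.security as the first argument; defaults to SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    found = reenabled_legacy(content)
    print("Legacy protocols enabled:", ", ".join(found) if found else "none")
```

An empty result means the JRE still refuses everything older than TLS 1.2; any protocol listed is accepted by every TLS connection that JRE makes, not only the DB2 profile.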

Additional Information

If your security team provided you with a TrustStore file, then all you need to know is the password for the file. You can place this file anywhere you wish on the Portal server, as long as the account running the CA Test Data Manager Portal service has read access to the file.

You would then specify the full path to the file, and the password required for accessing the file, in the Additional Connection Properties field of the Connection Profile configuration.

If you were only given the certificate file, and need to create a truststore file, see Steps to convert and import a Certificate file to a Truststore file.