node js TLS connectivity to IBM DB2

[NParikh-np]

Can we connect to IBM DB2 with TLS from node js without having gsKit generated certs as (https://github.com/ibmdb/node-ibm_db/issues/687) option with secure port also giving an error: Error: message=[IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "TCP/IP". Communication API being used: "SOCKETS". Location where the error was detected:

[bimalkjha]

@NParikh-np Secure port is configured on Server and it is servers requirement to send the certificate from client system for connection on secure port. This certificate should get generated from server system and passed in connection string of ibm_db using SSLServerCertificate. Without having server certificate, you can't have secure connection. Thanks.

[bimalkjha]

Check it: https://github.com/ibmdb/node-ibm_db/blob/master/APIDocumentation.md#SSLConnection

[NParikh-np]

Thank you for providing the details. We have the in common certs from our DB2 system and it is not working. they are not ready to provide any certs generated with GSKits required formats.

[bimalkjha]

@NParikh-np When Db2 server get installed, GSKit also get installed. To enable secure port on server, GSKit must be used. If server is not configured properly to accept secure connection, client can not connect to it. If server admin refuse to share server certificate, you can not connect to server. Unless admin do not share all necessary info for connection to a server, you can not connect to it. If server admin is not ready to share certificate means they do not want you to access the server. Thanks.

[bimalkjha]

Note that if your target Db2 server is in IBM Cloud and its a DASHDB or BLUDB, then server certificate is not required as certificate of such server comes with ibm_db itself. So, no need to use SSLServerCertificate is connection string if your server fall under such category. I don't know what kind of server you are trying to connect. Thanks.

[NParikh-np]

Thank you. This info helps a lot. Will it required .kdb and .sth files or .pem or .crt will works? As I tried from node js with this configuration SecurityTransportMode=SSL;" + "SSLServerCertificate=.....pem; and error that i mentioned keep pointing gskit certs.

[NParikh-np]

I believe our IBM sever is still on premises.

[bimalkjha]

@NParikh-np No, .kdb and .sth file is not required. Only .pem file is sufficient. Make sure you are passing the full path of .pem file to SSLServerCertificate keyword and user has read permission for this file. If issue persist, write a small test program to reproduce the issue, Put the test file name in installer\testODBCCOnnection.bat[.sh] file and run this script to collect logs. Share the generated file with complete output. Also, you have not filled the issue template while opening the issue. We don't know on which OS you have installed ibm_db? It is macos, windows or Linux? What is the db2level of client and server? Version of nodejs? These info required to understand the problem environment.

[bimalkjha]

Share below info too:

• Operating System Name:

• db2level output from clidriver if in use:

• Target Db2 Server Version:

• node.js Version:

• ibm_db version:

• For non-Windows, output of below commands: uname uname -m

• Value of below environment variables if set: IBM_DB_HOME: PATH: LIB/LD_LIBRARY_PATH/DYLD_LIBRARY_PATH:

• Test script to reproduce the problem.

[NParikh-np]

Thank you for the details. I will follow above.