4
votes

I am using Squirrel 3.5.0 client to connect to DB2 Database. Recently I have changed my DB2 to run on SSL instead of normal TCS/IP. Now I want Squirrel to connect to my DB2 server using SSL port. So I updated the port number in the connection string. Now I need to add the server certificate into the Squirrel client truststore so that it can trust the server connection but I don't know how to do it? Does anyone have any idea over it?

4

4 Answers

1
votes

Just in case if anyone else is looking trying to accomplish the same stuff:

  1. Find out the JAVA_HOME path.
  2. Run the following command

    keytool -importcert -file e:/certificateName.ext -keystore \jre\lib\security\cacerts

  3. Open Squirrel, and modify the connection aliase. At the end of connection string append the following :sslConnection=true;

  4. That's it, now you can connect with the database over SSL.

0
votes

I had success by specifying the following javax.net.ssl environment variables.

-Djavax.net.ssl.trustStore=<pathto>\clientkeystore
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStorePassword=<password>

This can be done in a couple of ways, I chose to add it to the squirrel-sql.bat / squirrel-sql.sh startup scripts:

e.g.

squirrel-sql.bat

...
start "SQuirreL SQL Client" /B "%LOCAL_JAVA%" -Xmx256m -Dsun.awt.nopixfmt=true -Djavax.net.ssl.trustStore=C:/ssl/clientkeystore -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=password -Dsun.java2d.noddraw=true -cp %SQUIRREL_CP% -splash:"%SQUIRREL_SQL_HOME%/icons/splash.jpg" net.sourceforge.squirrel_sql.client.Main %TMP_PARMS%
...

Caveat: this only allows one trustStore to be specified at a time. There are plenty of work arounds however: e.g.

  1. Import multiple certs into your trustStore
  2. Import a Root CA Certificate (e.g.)
  3. Have different start scripts

See also: https://sourceforge.net/p/squirrel-sql/mailman/message/25794656/

0
votes

What works for me is a URL that looks like this:

jdbc:db2://10.10.100.100:50010/DDEVD:sslConnection=true;sslTrustStoreLocation=C:/Data/db2trusttest/ts-02-new.jks;sslTrustStorePassword=changeit;

(mind the trailing semicolon)

-1
votes

just edit your alias. Clicking on Properties. Then Driver Properties and choose Use driver properties for adding these properties:

sslConnection with true value.

sslTrustStoreLocation with the path of your jcekdb.jsk as value.

sslTrustStorePassword with your password as value.