I am using Squirrel 3.5.0 client to connect to DB2 Database. Recently I have changed my DB2 to run on SSL instead of normal TCS/IP. Now I want Squirrel to connect to my DB2 server using SSL port. So I updated the port number in the connection string. Now I need to add the server certificate into the Squirrel client truststore so that it can trust the server connection but I don't know how to do it? Does anyone have any idea over it?
4 Answers
Just in case if anyone else is looking trying to accomplish the same stuff:
- Find out the
JAVA_HOME
path. Run the following command
keytool -importcert -file e:/certificateName.ext -keystore \jre\lib\security\cacerts
Open Squirrel, and modify the connection aliase. At the end of connection string append the following
:sslConnection=true;
That's it, now you can connect with the database over SSL.
I had success by specifying the following javax.net.ssl
environment variables.
-Djavax.net.ssl.trustStore=<pathto>\clientkeystore
-Djavax.net.ssl.trustStoreType=JKS
-Djavax.net.ssl.trustStorePassword=<password>
This can be done in a couple of ways, I chose to add it to the squirrel-sql.bat
/ squirrel-sql.sh
startup scripts:
e.g.
squirrel-sql.bat
...
start "SQuirreL SQL Client" /B "%LOCAL_JAVA%" -Xmx256m -Dsun.awt.nopixfmt=true -Djavax.net.ssl.trustStore=C:/ssl/clientkeystore -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=password -Dsun.java2d.noddraw=true -cp %SQUIRREL_CP% -splash:"%SQUIRREL_SQL_HOME%/icons/splash.jpg" net.sourceforge.squirrel_sql.client.Main %TMP_PARMS%
...
Caveat: this only allows one trustStore to be specified at a time. There are plenty of work arounds however: e.g.
- Import multiple certs into your trustStore
- Import a Root CA Certificate (e.g.)
- Have different start scripts
See also: https://sourceforge.net/p/squirrel-sql/mailman/message/25794656/