SupportSupport

I'm trying to get DBVis 8.0.7 to connect to a remote DB2 v9.7.5 database with SSL.
( The remote database only support SSL connections.)

From the DB2 command-line (i.e. not java) , I'm able to connect to the same database with SSL.
Now I'm trying to get JDBC SSL connections from DB-VIS working.

Has anyone else got SSL connections from DBV 8.0.7 to DB2 v9.7 working ?

When I try an SSL connection, DBVis throws exception: "java.lang.InternalError: internal error: SHA-1 not available".
The laptop is Win-7 x64.
The laptop has both JRE7 and JDK 1.7.0.
DBVis seems to use the JRE7.

I imported the db2 server certificate into my cacerts file.

I changed java.security as per instructions here:
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.apdv.java.doc/src/tpc/imjcc_t0054066.html

I changed dbvis.vmoptions as follows:
-Xmx512m
-Djavax.net.ssl.trustStore=cacerts
-Djavax.net.ssl.trustStorePassword=whatever
-Dcom.ibm.jsse2.JSSEFIPS=true
-DsslConnection=true

Hans,
I had already spotted and corrected that, although it did not resolve the issue (i.e. sslConnection=true is not a driver-property, removed from dbvis.vmoptions).

I suspect that the instructions for modifying the java.security file are incorrect or incomplete for Java 1.7.

I reverted to trying to use the SunJSSE as the security provider (instead of using the IBM JSSE2 provider).

This meant a change to java.security again.

Now the symptom has changed, although at least DBVis now successfully starts up, but it still cannot connect with SSL to DB2 because the connection attempt throws:

java.lang.ClassNotFoundException: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl.

This class (com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl) seems to be part of the standard Oracle Java 1.7 jre (in file jsse.jar in directory jre\lib).

So I ensured that the system-environment-variable CLASSPATH includes this file , viz:
CLASSPATH=C:\Program Files\IBM\SQLLIB\java\db2java.zip;C:\Program Files\IBM\SQLLIB\java\db2jcc.jar;C:\Program Files\IBM\SQLLIB\java\sqlj.zip;C:\Program Files\IBM\SQLLIB\java\db2jcc_license_cu.jar;C:\Program Files\IBM\SQLLIB\bin;C:\Program Files\IBM\SQLLIB\java\common.jar;.;C:\Program Files\Java\jre7\lib\jsse.jar
---
So now I can't see why the ClassNotFound exception happens when the relevant jarfile is present on the CLASSPATH.

Edited by: Mike on 16-Jan-2012 22:35

OK I emailed the requested information to support at dbvis.com for your attention.
Thank you.

Thanks to support at dbvis dot com for advice and support.

The problem is resolved.

DBVisualizer SSL connections to DB2 works fine with JRE7 1.7.0_02 on both x64 and x86 environments, when properly configured.

The solution is:

(1) For JRE7 only, ignore one detail of IBM's advice for SunJSSE
at this URL:
http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/com.ibm.db2.udb.apdv.java.doc/doc/t0054066.htm

For JRE7 with SunJSSE ,do not add these 2 lines to java.security:
ssl.SocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl

( Note: these two lines work with JRE6 only, but they break JRE7 1.7.0_02 b13 at least).

(2) Add a driver property sslConnection=true to the DBVisualiser connection.

(3) If you are using the default cacerts file that comes with the JRE7, there's no need for any system property or driver property to identify it. If you specify a "javax.net.ssl.trustStore" driver-property, then ensure the filename is fully qualified (else you may get exception "the trustAnchors parameter must be non-empty" ).
If you are using your own truststore (not cacerts), and/or a non-default password then give relevant driver properties to DBbvisualiser on the connection.

For JRE7 with SunJSSE, try to use these 2 lines for java.security:
ssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=sun.security.ssl.SSLServerSocketFactoryImpl

Path has changed for this two classes.