A A A

Please consider registering
guest

Log In

Lost password?
Advanced Search:

— Forum Scope —



— Match —



— Forum Options —




Wildcard usage:
*  matches any number of characters    %  matches exactly one character

Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
Message: Received fatal alert: handshake_failure. ERRORCODE=-4499, SQLSTATE=08001
February 6, 2017
12:29 pm
Lo0oM
Admin
Forum Posts: 217
Member Since:
September 30, 2012
Offline

Hi

 

Description:

DB2 11.1 installed on RHEL 7.2 server with SSL connection configured. IBM Data Studio 4.1.2 installed on the client side.

SSL connection error:

Message: Received fatal alert: handshake_failure. ERRORCODE=-4499, SQLSTATE=08001

 

Server SSL configuration:

[db2inst1@Marian2 ~]$ db2 get dbm cfg |grep SSL
 SSL server keydb file                   (SSL_SVR_KEYDB) = /home/db2inst1/SSL/key.kdb
 SSL server stash file                   (SSL_SVR_STASH) = /home/db2inst1/SSL/key.sth
 SSL server certificate label            (SSL_SVR_LABEL) = SSL
 SSL service name                         (SSL_SVCENAME) = 50602
 SSL cipher specs                      (SSL_CIPHERSPECS) = TLS_RSA_WITH_AES_128_CBC_SHA  
 SSL versions                             (SSL_VERSIONS) =
 SSL client keydb file                  (SSL_CLNT_KEYDB) = /home/db2inst1/SSL/keyclient.kdb
 SSL client stash file                  (SSL_CLNT_STASH) = /home/db2inst1/SSL/keyclient.sth

Local SSL connection works fine, remote non-SSL connection works fine.

 

Solution:

1. Default JDBC 4.0 driver of IBM Data Studio 4.1.2 do not support Java 1.8 so we need to download new driver:
http://www-01.ibm.com/support/…..wg21363866

New downloaded driver will not have license so place it in the same directory where the old driver resides (for 11.1 version 4.21.29):

C:/Program Files/IBM/SDPShared/plugins/com.ibm.datatools.db2_2.2.200.v20150728_2354/driver

 

db2jcc4.jar

 

2. If you want to use AES256 encryption download Unrestricted JCE policy files:

https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=jcesdk

and extract them to C:/Program Files/IBM/DS4.1.2/jdk/jre/lib/security

IBM Data Studio java files place.

 

3. Create java store using IBM Data Studio Java and import server certificate in it:

c:/111> "C:/Program Files/IBM/DS4.1.2/jdk/jre/bin/keytool.exe" -keystore clientkeystore -genkey -alias client

c:/111> "C:/Program Files/IBM/DS4.1.2/jdk/jre/bin/keytool.exe" -import -file c:/111key.arm -keystore clientkeystore

 

where c:111 is java store location and key.arm is server certificate file.

 

Now you can configure SSL options in Data Studio driver properties:

sslTrustStoreLocation=c:/111/clientkeystore

sslTrustStorePassword=mypass

sslConnection=true

 

Thank you.

 

Forum Timezone: UTC 0

Most Users Ever Online: 31

Currently Online:
2 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Member Stats:

Guest Posters: 0

Members: 0

Moderators: 0

Admins: 1

Forum Stats:

Groups: 3

Forums: 20

Topics: 214

Posts: 214

Newest Members: Lo0oM

Administrators: Lo0oM (217)