Encrypting Data in Transit with onsocssl

#1

We have a requirement to encrypt data in transit from the client to
the database. We are trying to use onsocssl with odbc, but have not
had any luck. Does anyone have any experience with onsocssl with odbc
access from a windows client?

We can connect to dbaccess using onsocssl, but each time we attempt to
connect using odbc we get this error:

Secure Sockets Layer error : GSK_KEYRING_OPEN_ERROR - keyring file did
not open.

I have done google searches (no luck) and have opened a call with
informix support (still researching), but wanted to know if there is
anyone who has successfully implemented this?

Thanks for any response.

#2

On Feb 1, 11:56*pm, caver <dmcbr... (AT) courts (DOT) state.va.us> wrote:

Quote:

We have a requirement to encrypt data in transit from the client to
the database. *We are trying to use onsocssl with odbc, but have not
had any luck. *Does anyone have any experience with onsocssl with odbc
access from a windows client?

We can connect to dbaccess using onsocssl, but each time we attempt to
connect using odbc we get this error:

Secure Sockets Layer error : GSK_KEYRING_OPEN_ERROR - keyring file did
not open.

I have done google searches (no luck) and have opened a call with
informix support (still researching), but wanted to know if there is
anyone who has successfully implemented this?

Thanks for any response.

Have you set up the certificate on the client?

#3

Yes. Thanks for responding.
We finally got it working.

If anyone else needs to set up onsocssl with informix, here are a few
notes
that might be helpful:

http://publib.boulder.ibm.com/infoce...ds_ssl_003.htm

1) The standard port for informix ssl is 9089

2) Other notes:

a.) Install Informix Client 3.70 (or newest version)
b.) Install GSK Toolkit Version 8
To get "gskit" from IBM:
https://www14.software.ibm.com/webap...PKG&lang=en_US

c.) Locate 'ETC' directory in the Informix Directory, most commonly in
one of the following paths:
C:\Program Files\Informix\Client-SDK\ETC\
C:\Program Files\Informix\ETC\
d.) Copy the .CERT file that is generated by the server (ie- app.cert)
to the ETC directory
then follow directions from manual

e.) Run the following commands in DOS from the ETC directory

To create required files on PC client:
gsk8capicmd -keydb -create -db client.kdb -pw XX -type cms -stash

To add the cert file to the KeyStore:
gsk8capicmd -cert -add -db client.kdb -pw XX -label app -file app.cert
-format ascii

3) For very slow performance using onsocssl,
check the onconfig parameter "VPCLASS" to make sure it does NOT have
"encrypt".

-Remove the "encrypt" from VPCLASS:

#VPCLASS encrypt,num=2 #Do not use
VPCLASS cpu,num=2,noage

On Feb 1, 8:04*pm, TBP <JonRit... (AT) Sky (DOT) Com> wrote:

Quote:

On Feb 1, 11:56*pm, caver <dmcbr... (AT) courts (DOT) state.va.us> wrote:

We have a requirement to encrypt data in transit from the client to
the database. *We are trying to use onsocssl with odbc, but have not
had any luck. *Does anyone have any experience with onsocssl with odbc
access from a windows client?

We can connect to dbaccess using onsocssl, but each time we attempt to
connect using odbc we get this error:

Secure Sockets Layer error : GSK_KEYRING_OPEN_ERROR - keyring file did
not open.

I have done google searches (no luck) and have opened a call with
informix support (still researching), but wanted to know if there is
anyone who has successfully implemented this?

Thanks for any response.

Have you set up the certificate on the client?- Hide quoted text -

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Encrypting Data in Transit with onsocssl

comp.databases.informix comp.databases.informix

Encrypting Data in Transit with onsocssl - 02-01-2011 , 05:56 PM

Re: Encrypting Data in Transit with onsocssl - 02-01-2011 , 07:04 PM

Re: Encrypting Data in Transit with onsocssl - 02-15-2011 , 04:29 PM