Using SSL/TLS database connections

Procedure

If you are upgrading database clients that use SSL/TLS connections to Client SDK 4.50.xC4W1 or newer, you may need to migrate their client keystores. For more information, see Configuring a client for SSL connections.

To perform keystore migration:

  1. If your database client installation is co-located with the database server installation, the database client continues to use GSKit as its encryption library. In this case, keystore migration is not necessary.
  2. If your database client uses a stand-alone installation of Client SDK 4.50.xC4W1 or newer, then it now uses OpenSSL as its encryption library, rather than GSKit. In this case:
    1. Ensure that an appropriate version of OpenSSL is installed before you install Client SDK 4.50.xC4W1 or newer.
    2. If your client keystore is in the GSKit-proprietary "CMS" format (file extension "*.kdb"), then it needs to be converted to a PKCS#12 keystore. Because the CMS format is GSKit-specific, you need the GSKit command "gsk8capicmd" (or "gsk7capicmd") to convert the keystore.
      Use a command like:
      gsk8capicmd -keydb -convert -db KEYSTOREFILE.kdb -pw PASSWORD
      -old_format cms -new_db KEYSTOREFILE.p12 -new_pw PASSWORD
      -new_format pkcs12
    3. Create a stash file with the keystore password to use with OpenSSL. Use the new utility "onkstash", included with Client SDK 4.50.xC4W1 (or newer), to stash the keystore password:
      onkstash KEYSTOREFILE.p12 PASSWORD
      Note: This step is also needed if your keystore was already in PKCS#12 format.
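
A post-migration check, added here as an example and not part of the product documentation: before pointing the client at the converted keystore, confirm that OpenSSL itself can open the PKCS#12 file with the password, that it contains at least one certificate, and that the file is not readable by group or other. The function name and the P12_PASSWORD environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not product code. Usage: check_p12_keystore KEYSTOREFILE.p12
# Assumption: the keystore password is in the environment variable
# P12_PASSWORD (a name chosen for this example), so it never appears in the
# process list or in shell history.

check_p12_keystore() {
    ks=$1
    if [ ! -f "$ks" ]; then
        echo "keystore not found: $ks" >&2
        return 1
    fi
    if [ -z "${P12_PASSWORD:-}" ]; then
        echo "P12_PASSWORD is not set" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # A client keystore should be accessible to its owner only.
    perms=$(ls -ldL "$ks" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$ks is accessible to group/other; restrict it (chmod 600)" >&2
        return 2
    fi

    # openssl exits non-zero on a wrong password or on a file that is not
    # PKCS#12 (for example a keystore that is still in CMS format).
    if ! pem=$(openssl pkcs12 -in "$ks" -passin env:P12_PASSWORD \
                   -nokeys 2>/dev/null); then
        echo "OpenSSL cannot open $ks with the supplied password" >&2
        return 3
    fi

    # -nokeys writes only certificates, so no private key material is emitted.
    count=$(printf '%s\n' "$pem" | grep -c 'BEGIN CERTIFICATE' || true)
    if [ "$count" -lt 1 ]; then
        echo "$ks contains no certificates" >&2
        return 4
    fi

    echo "$count"    # number of certificates found
    return 0
}
```

The function prints the number of certificates found and returns 0 only when all checks pass; the distinct non-zero codes separate a permissions problem (2) from a password or format problem (3).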