
I have been trying to connect my Node.js Public Bluemix app to a DB2 server which is behind a firewall using the secure gateway service of Bluemix. When I try that by just using TCP everything works fine. I am now trying to use the TLS:Mutual Auth option and I can't make it work.

I followed this tutorial (https://developer.ibm.com/bluemix/2015/04/17/securing-destinations-tls-bluemix-secure-gateway/) and the tunnel seems to be created (I can see that in the logs of the gateway client) but no data is coming through.

In the object Options which is a parameter of tls.connect, if I set rejectUnauthorized: true then I get "UNABLE_TO_GET_ISSUER_CERT" while I am using the generated certificates of the destination. If I set rejectUnauthorized: false, then it seems to work and the connection opens but nothing comes through, it just hangs. In both cases, I am using the same code that works when TLS is not set up and is based on the ibm_db node driver for DB2.

Does anyone have experience with this? I have been struggling with it for some days now, and any help would be much appreciated.

doctor667
When attempting the connection with TLS, you get the appropriate logs on your client for attempting your connection? If your DB is expecting a TLS connection, did you update the destination in Secure Gateway to designate that the destination-side needs to be using TLS (and potentially upload the appropriate certificate from your server to the destination)? – Galen Keene Oct 04 '16 at 16:29

1 Answer


After some discussion, we determined that part of the problem was explicitly stating a piece of the cert chain in the CA, causing the UNABLE_TO_GET_ISSUER_CERT error to be emitted. This can be resolved by either adding the full chain to the CA or not explicitly adding anything to the CA (as the cert is publicly signed).

An underlying issue that was identified is that the ibm_db node driver for DB2 does not appear to work as expected for TLS connections.

Galen Keene
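The CA fix described in the answer above, as an added example that is not part of the original post or of the Secure Gateway documentation: a Node.js pre-flight check that refuses a `ca` bundle holding only part of a chain, and omits `ca` altogether when none is supplied so the default public roots are used. The helper names (`splitPemBundle`, `describeCert`, `findMissingIssuers`, `buildTlsOptions`) are hypothetical; the check matches issuer and subject names only.

```javascript
const { X509Certificate } = require('node:crypto');

// Split a PEM bundle (concatenated certificates) into individual PEM strings.
function splitPemBundle(bundle) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;
  return String(bundle).match(re) || [];
}

// Reduce a PEM certificate to the two names needed for chain checking.
function describeCert(pem) {
  const cert = new X509Certificate(pem);
  return { subject: cert.subject, issuer: cert.issuer };
}

// Subjects whose issuer is not in the bundle. A self-signed root names itself
// as issuer, so a bundle that reaches the root yields an empty list.
// Name matching only: signatures are still verified by TLS at connect time.
function findMissingIssuers(entries) {
  const subjects = new Set(entries.map((e) => e.subject));
  return entries.filter((e) => !subjects.has(e.issuer)).map((e) => e.subject);
}

// Build options for tls.connect(). Without a caBundle the `ca` key is omitted,
// so Node verifies against its default public roots. A caBundle replaces those
// roots entirely, so it is refused unless it reaches a self-signed root.
function buildTlsOptions(base, caBundle) {
  const options = { ...base, rejectUnauthorized: true };
  if (caBundle === undefined) return options;
  const pems = splitPemBundle(caBundle);
  if (pems.length === 0) throw new Error('caBundle contains no PEM certificates');
  const missing = findMissingIssuers(pems.map(describeCert));
  if (missing.length > 0) {
    throw new Error(`incomplete CA chain, issuer not in bundle for: ${missing.join('; ')}`);
  }
  return { ...options, ca: pems };
}
```

Pass the result to `tls.connect()` together with the client `cert` and `key` for mutual auth; a thrown "incomplete CA chain" error names the certificate whose issuer still has to be added to the bundle.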