Welcome
Security
You can secure your Informix® database server and the data that is stored in your Informix databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
Security in HCL Informix®
These topics document methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
Securing data
Network data encryption
Use network encryption to encrypt data transmitted between server and client, and between server and other server.
Secure sockets layer protocol
Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are communication protocols that use encryption to provide privacy and integrity for data communication through a reliable end-to-end secure connection between two points over a network.
Renewing expired certificates in a keystore
Renewing a CA-signed certificate

HCL Informix® V15.0 documentation
Welcome to the documentation for HCL Informix® 15.0 and related client tools and products.
Product overview
HCL Informix® is a fast and scalable database server that manages traditional relational, object-relational, and dimensional databases. Its small footprint and self-managing capabilities are suited to embedded data-management solutions.
Installing
These topics describe how to install HCL Informix® database servers, client products, and DataBlade® modules.
Administering
In addition to administering the database server, you can tune performance, replicate data, and archive data.
Migrating and upgrading
You can upgrade to the 15.0 release of HCL Informix® or migrate from other database servers to Informix. Upgrading is an in-place migration method that uses your existing hardware and operating system software. Some changes to the Informix database server can affect upgrading from a previous release.
Client APIs and tools
You can use the HCL Informix® implementation of client APIs to develop applications for Informix database servers.
Embedding Informix®
When you embed HCL Informix®, you can use enterprise-class high-availability and high performance with embeddability features such as easy programmability, a small disk and memory footprint, and silent deployment.
Extending Informix®
Beyond standard relational database objects, HCL Informix® can be extended to handle specialized data types, access methods, routines, and other objects. Informix includes many built-in extensions that are fully integrated in the database server. Informix also provides DataBlade® modules, which are packages of extended database objects for a particular purpose and that are installed separately from the database server. Alternatively, you can create your own user-defined objects for Informix.
Data warehousing
In addition to designing and implementing Informix® dimensional databases, you can use tools to create data warehouse applications and optimize your data warehouse queries.
Designing databases
The first step in creating a relational database is to construct a data model, which is a precise, complete definition of the data you want to store. After you prepare your data model, you must implement it as a database and tables. To implement your data model, you first select a data type for each column and then you create a database and tables and populate the tables with data. You can also implement fragmentation strategies and control access to your data.
JSON compatibility
You can use the popular JSON-oriented query language created by MongoDB to interact with data stored in HCL Informix®.
Security
You can secure your Informix® database server and the data that is stored in your Informix databases. You can encrypt data, secure connections, control user privileges and access, and audit data security.
- Security in HCL Informix®
  These topics document methods for keeping your data secure by preventing unauthorized viewing and altering of data or database objects, including how to use the secure-auditing facility of the database server.
  - Securing data
    - HCL Informix® directory security
      HCL Informix® utilities and product directories are secure by default.
    - Network data encryption
      Use network encryption to encrypt data transmitted between server and client, and between server and other server.
      - Communication support modules for data transmission encryption
        You can use the communication support modules (CSMs) to encrypt data transmissions, including distributed queries, over the network.
      - Enterprise replication and high availability network data encryption
        You can configure network data encryption for Enterprise Replication and high availability clusters by using configuration parameters.
      - Secure sockets layer protocol
        Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are communication protocols that use encryption to provide privacy and integrity for data communication through a reliable end-to-end secure connection between two points over a network.
        Configuring a server instance for secure sockets layer connections
        Configure the HCL Informix® instance for Secure Sockets Layer (SSL) connections by adding connection information to the sqlhosts file, setting SSL configuration parameters, and configuring the keystore and the digital certificates it stores.
        Configuring a client for SSL connections
        Configure an ESQL/C, ODBC, DB-Access, dbexport, dbimport, dbschema, or dbload database client by adding connection information to the sqlhosts file, setting SSL configuration parameters, and configuring the keystore and the digital certificates it stores.
        Renewing expired certificates in a keystore
        Renewing a CA-signed certificate
        Renewing a self-signed certificate
      - Background Knowledge on Keystores
        This topic offers some generic insights into keystores and how they are used for secure communications with the TLS (Transport Layer Security) protocol. While the first part provides the theoretical background, the second part shows examples for applying this in practice using OpenSSL.
    - Column-level encryption
      You can use column-level encryption to store sensitive data in an encrypted format. After encrypting sensitive data, such as credit card numbers, only users who can provide a secret password can decrypt the data.
    - Connection security
      You can administer the security of the connections to the database server by using authentication and authorization processes.
    - Discretionary access control
      Discretionary access control verifies whether the user who is attempting to perform an operation has been granted the required privileges to perform that operation.
    - Label-Based Access Control
      You can use label-based access control (LBAC), an implementation of multi-level security (MLS), to control who has read access and who has write access to individual rows and columns of data.
  - Auditing data security
SQL programming
You can use the HCL Informix® implementation of the SQL language to develop applications for Informix database servers.
Troubleshooting HCL Informix®
Several troubleshooting techniques, tools, and resources are available for resolving problems that you encounter in your HCL Informix® database server environment.

Renewing a CA-signed certificate

About this task

If a CA signed certificate is close to expiry, it is possible to renew the certificate by recreating a new certificate signing request.

Procedure

In this task, as an example, refer cert1_renew.csr as the recreated certificate request and cert1_renew.pem as the renewed certificate signed by the CA.

List the certificates in the keystore, then use the label "cert1" of the personal certificate to get detailed information on this certificate. Check the expiration date shown as the "Not after:" value.

gsk8capicmd_64 -cert -list -db renew.p12 -stashed
Certificates found

* default, - personal, ! trusted, # secret key

!       ddRoot
-      cert1
gsk8capicmd_64 -cert -details -db renew.p12 -stashed -label cert1
Label : cert1
Key Size : 2048
Version : X509 V3
Serial : 6363d2bef7cd7e20
Issuer : CN=Dave,C=US
Subject : CN=domain,O=you,C=US
Not Before : September 28, 2022 4:29:52 PM CDT

Not After : September 30, 2022 4:29:52 PM CDT

Recreate the certificate signing request by running:

gsk8capicmd_64 -certreq -recreate -db renew.p12 -stashed -label cert1 -target cert1_renew.csr

Send the newly recreated certificate request to the original Certificate Authority (CA) for signing. Upon receiving the renewed certificate from the CA in file "cert1_renew.pem", place this renewed certificate in your server keystore by running:
```
gsk8capicmd_64 -cert -receive -db renew.p12 -stashed -file cert1_renew.pem
```

Verify the details of the renewed certificate:


gsk8capicmd_64 -cert -details -db renew.p12 -stashed -label cert1

Label : cert1
Key Size : 2048
Version : X509 V3
Serial : 303c392837085051
Issuer : CN=Dave,C=US
Subject : CN=domain,O=you,C=US
Not Before : September 28, 2022 4:45:04 PM CDT

Not After : September 24, 2023 4:45:04 PM CDT