To encrypt ODBC data, IBM recommends the industry-standard TLS encryption protocol (the successor to SSL).
When we use open source languages such as PHP, Python, and Node.js on IBM i to help companies build and access APIs and other resources, we expect these resources to be protected with encryption (for example, the https:// protocol). Further protection is provided by an SSL / TLS certificate that can be authorized, or signed, by a popular certificate authority such as Verisign, Comodo, or Let’s Encrypt, or signed internally by the company itself.
Self-signed certificates are most useful in situations where public trust of a certificate is unnecessary, such as:
When you browse a secure web site or API whose address starts with “https,” what makes the site secure? The site uses a special certificate, provided by a trusted Certificate Authority (CA), to prove that it is legitimate. Until recently, IT shops had to pay for these certificates and generate them manually.
In the last few years, Let’s Encrypt has earned the thanks of technology professionals. Let’s Encrypt, a CA run for the public’s benefit, offers certificates at no charge, along with scripts to generate and regenerate certificates as needed, reducing the effort of keeping certificates up to date, and keeping sites secure.