Migrating the Db2 Warehouse SSL certificate after upgrading to Cloud Pak for Data 3.5.0

After you upgrade your Db2® Warehouse service to Cloud Pak for Data 3.5.0, you need to migrate the secure sockets layer (SSL) certificate so that Db2 Warehouse uses the new Cloud Pak for Data certificate.

1. Exec into the Db2 Warehouse pod and run the following command to disable the Wolverine high availability monitoring process:

   wvcli system disable -m "Stop HA"

2. Rename the backup folder for the SSL key store:

   sudo mv ${SSL_KEYSTORELOC}.bak ${SSL_KEYSTORELOC}.v300

3. As Db2 Warehouse instance owner, deactivate the database, stop Db2 Warehouse, and clean up IPC resources:

   su - db2inst1
   db2 deactivate db bludb
   db2stop force
   rah 'ipclean -a'

4. Clear the contents of the Db2 Warehouse SSL key store location:

   sudo rm -fr ${SSL_KEYSTORELOC}/*

5. Reconfigure the Db2 Warehouse SSL to use the Cloud Pak for Data SSL certificate:

   /bin/bash -c 'source /db2u/scripts/include/db2_ssl_functions.sh && setup_db2_ssl'

6. Start Db2 Warehouse, activate the database, and exit out of the Db2 Warehouse instance owner shell.

   db2start
   db2 activate db bludb
   exit

7. From the Db2 Warehouse default user, shell re-enable Wolverine and confirm that the high availability monitor reports Db2 Warehouse status to be UP:

   wvcli system enable -m "Start HA after SSL cert update"
   wvcli system ds

   You should see results that are similar to the following example:

   +-----+----------------------------------------------------------------------+------+--------+
   | MLN |                                 Node                                 | Port | Status |
   +-----+----------------------------------------------------------------------+------+--------+
   |  0  | c-db2wh-1604525501384-db2u-0.c-db2oltp-1604525501384-db2u-internal |  0   |   UP   |
   +-----+----------------------------------------------------------------------+------+--------+