Obtaining SSL certificate for database

If the database requires an SSL connection, you must obtain the certificate for the database. You can use the openssl command to connect to the database host and port that is specified in the database URL

Procedure

  1. Run the openssl command: openssl s_client -showcerts -connect databasehost:databaseport
  2. While activating Maximo® Manage, go to the Database section and open it.
  3. Give the certificate an alias that does not conflict with other certificates in the trust store.
  4. Make sure that SSL Enabled is set to Yes in the UI.
  5. Specify the certificate on the jdbccfg CR in the certificates section as shown in the following example.

    Sample Custom Resource (CR)

    apiVersion: config.mas.ibm.com/v1
kind: JdbcCfg
metadata:
  name: "mng-jdbc-system"
  namespace: "mas-mng-core"
  labels:
    mas.ibm.com/configScope: system
    mas.ibm.com/instanceId: "mng"
spec:
  displayName: IBM Cloud Databases for Db2
  config:
    url: "jdbc:db2://dashdb-txn-sbox-yp-lon02-02.services.eu-gb.bluemix.net:50001/BLUDB;sslConnection=true"
    sslEnabled: true
    credentials:
      secretName: db2-masdev-lite-credentials
  certificates:
    - alias: part1
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIG7zCCBdegAwIBAgIQBMX5yCODP3RIcSrij07HJjANBgkqhkiG9w0BAQsFADBN
        MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
        aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMjA3MDAwMDAwWhcN
        MjIwMjExMTIwMDAwWjCBkzELMAkGA1UEBhMCVVMxDzANBgNVBAgTBkthbnNhczEW
        MBQGA1UEBxMNT3ZlcmxhbmQgUGFyazE0MDIGA1UEChMrSU5URVJOQVRJT05BTCBC
        VVNJTkVTUyBNQUNISU5FUyBDT1JQT1JBVElPTjElMCMGA1UEAwwcKi5zZXJ2aWNl
        cy5ldS1nYi5ibHVlbWl4Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
        ggEBAJzzmjnE+tJklZkrEEHP4RkDdJ+Tmho0diJdK8soPNVSvs5SuWNWKnbDDohE
        B/jEiSGmClWKPFzAAn+PlTU2djntLma6LWATycOzx0E2r+22la1yg+UhZrOBfQ9e
        fAy3wQcu7Aylsq8OsMgM33+U0aM254urrkg3x0RV1Do1Y1sAzw2/wJmSilmMOvyf
        hWZUad9hNWi/1bEt6z4WPn/23lbvDzeTlr6jznHFArQ8e6/AV98orFd82NxZcM6K
        ByGtQpyXkBNf0wy/8kbyY0qzisoWLnanyxAHJABnUEsjS3WmvRQ8H1QW7RT63lwL
        9s13dErNg7D8l4L9NVWsiJMaTPcCAwEAAaOCA4IwggN+MB8GA1UdIwQYMBaAFA+A
        YRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBSuP2nUw2cmgLQqvH6vI7Ok1zQ/
        jjBDBgNVHREEPDA6ghwqLnNlcnZpY2VzLmV1LWdiLmJsdWVtaXgubmV0ghpzZXJ2
        aWNlcy5ldS1nYi5ibHVlbWl4Lm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
        FAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9j
        cmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8v
        Y3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcG
        CWCGSAGG/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j
        b20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0
        dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2Vy
        dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAM
        BgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwCkuQmQtBhY
        FIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXAh/gncAAAEAwBIMEYCIQC75oq7
        nsysXvTj9uwOH+4p3/LZD4mEGzC27BQPaFFsvwIhAKinjPXsguG3Q/7EZJey/orx
        hTjJDio6yKKvGQr8SIysAHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt/XcaDXG7i
        DwIAAAFwIf4KMgAABAMARzBFAiEAztl/4xYHslgBIauTztvYEkMxVFijFKvYAXF3
        v8FzDzMCIA59GDHJfiqC18angaQzKyDIuYuRPTDMNixgoOht/mjUAHYAQcjKsd8i
        RkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFwIf4JrgAABAMARzBFAiEAsB5k
        q51RvxRXk0wyTWX92QQc+IrL5+0rUwfBXeY1jPgCIH944k+IpKAFN5vM5YnGk/Xl
        ryONIoMWkDOtqdpvyqARMA0GCSqGSIb3DQEBCwUAA4IBAQBShftEwr1tIjh4alof
        Sc+BScv7NdRXHIOJDg2lQZ3mhBq7MttW/cAWpVlEKvEw/31KB2iQLJN90Q8grTwr
        NMBSeNu4b1CTJY+vBYRKKfYEqJH74oHURu4d+9wZI0ZUcHJvXj1vgBR/8O+7YV2Y
        yO2u/4sJJjp3yVNa/RzroI6oS+O1w0znzc5Io+vst50hveVmiwaHH4fNUX00BqHE
        Asy2nFSpvzNS/dlMGgM6XoEU46CMS0ORIoxoMEWRbDk2OPdCtKsg+ySkIYS/ylyN
        vdClL1WOhHqLrG5ZCVQoVgr92vLtxys+rHAeqJISdq3ol6QV3iGpBXjv9hwW9hpi
        XhSQ
        -----END CERTIFICATE----