Configuring SSL on DB2 during runtime

You can configure SSL for a secure connection between Sterling B2B Integrator and DB2 during runtime.

Before you begin

For more information on how to configure SSL on a DB2 instance, see IBM DB2 Documentation.

At present, Sterling B2B Integrator supports SSL encryption mechanism using the Java Key Store (JKS) files.

To convert the DB2 server key files b2biclient.arm or b2biclient.cer, use the following commands:

keytool -import -noprompt -trustcacerts -alias b2bidb2 -file b2biclient.arm -keystore key.jks -storepass password -keypass password
keytool -import -v -trustcacerts -alias keyAlias -file server.cer -keystore cacerts.jks -keypass changeit
Note: The keytool is located in the <B2Bi_install>/jdk/bin directory.

About this task

Note:
  • The SSL feature is configured on DB2 v11.1 or later versions.
  • At present, only one-way SSL is supported.

Procedure

  1. Download the JDBC driver from here DB2 JDBC Driver Versions and Downloads.
  2. Stop the Sterling B2B Integrator services.
  3. Install DB2 with the SSL option.
  4. Go to Sterling B2B Integrator installation directory and navigate to the Properties folder. Back up the following files before you update them.
    1. jdbc.properties.in
    2. jdbc.properties_platform_ifcresources_ext.in
  5. Specify the following parameters:
    Parameter Name Description Optional or Mandatory
    key.jks File name in the modified URL for DB2 SSL setup. Mandatory
    password Password for the truststore file. Mandatory

    Find the base JDBC URL for the following database pools and update with the SSL configured URLs in:

    1. jdbc.properties.in file.

      • db2Pool

      • db2Pool_local

      • db2Pool_NoTrans

      For example:
      The base JDBC URL is updated with the SSL URLs for the above mentioned pools. 
      
Existing JDBC URL -              db2Pool.url=jdbc:db2://<IP address of DB2 server:port number>/B2Bi
                                      db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi

      
Modified JDBC URLs:
db2pool -                             db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;
                                      sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password

db2Pool_local -                       db2Pool_local.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;
                                      sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password

db2Pool_NoTrans -                     db2Pool_NoTrans.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;
                                      sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
    2. jdbc.properties_platform_ifcresources_ext.in file.

      • db2ArchivePool

      • db2UIPool

      For example:
      The base JDBC URL is updated with the SSL URLs for the above mentioned pools. 
      
Existing JDBC URL -            db2Pool.url=jdbc:db2://<IP address of DB2 server:port number>/B2Bi
                                    db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi

      
Modified JDBC URLs:
db2ArchivePool -                    db2ArchivePool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;
                                    sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password

db2UIPool -                         db2UIPool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;
                                    sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
  6. Run setupfiles.sh for Linux/Unix and setupfiles.cmd for Windows.
  7. Run deployer.sh for Linux/Unix and deployer.cmd for Windows.
  8. Restart the Sterling B2B Integrator services.