Configuring secure access to DB2 databases in federated environments

Draft comment:
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15
Secure access to IBM® DB2® databases by enabling Secure Sockets Layer (SSL) communication between Process Federation Server and the database server.

Before you begin

Ensure that the following conditions are met:
  • SSL is enabled for Process Federation Server.
  • SSL is enabled for the DB2 server and an SSL certificate authority (CA) certificate is available.
  • In the properties.db2.jcc file on Process Federation Server, ensure that the sslConnection option is set to true.

Procedure

  1. Import the DB2 database server SSL CA certificate into the Process Federation Server truststore with the keytool utility.
    On Process Federation Server, run the following command:
    keytool.exe -importcert -trustcacerts -alias custom_alias -file path_to_db2_cert -keystore path_to_keystore
    
    
    Enter keystore password:
    Owner: OU=Org_Unit, O=Org, C=Country
    Issuer: OU=Org_Unit, O=Org, C=Country
    
       ...
    
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
  2. Verify that the certificate is available on the server by running the following command:
    keytool.exe -list -v -keystore path_to_keystore -storepass keystore_password
  3. Enable SSL communication between Process Federation Server and the DB2 database server by adding the DB2 SSL port number that is specified in the properties.db2.jcc file for the DB2 JDBC driver to the server.xml file:
    1. Open the server.xml configuration file for editing.
      By default, the configuration file is in the pfs_install_root/usr/servers/server_name directory on Process Federation Server.
    2. Update the portNumber property in the dataSource element for the DB2 JDBC driver to point to the DB2 SSL port.
      The following code snippet is an example of a configured portNumber property for a DB2 JDBC driver:
      <dataSource
         ...
         ... >
         <properties.db2.jcc serverName="localhost" databaseName="BPMDB"
            user="db2admin" password="password"
            portNumber="DB2_SSL_port" sslConnection="true">
          </properties.db2.jcc>
      </dataSource>

Results

SSL communication between Process Federation Server and the DB2 database server is enabled.
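
One way to check the outcome of step 3, as an added example that is not part of the original topic or of the product's tooling: a Python script that parses a server.xml file and reports every DB2 JCC data source that lacks sslConnection="true" or has no usable portNumber. The sample XML and the data source ids are constructed, and treating 50000 as the non-SSL port is an assumption (it is the common DB2 default); substitute the value used in your environment.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from a real installation).
SAMPLE_SERVER_XML = """<server>
  <dataSource id="ok" jndiName="jdbc/ok">
    <properties.db2.jcc serverName="db1" databaseName="BPMDB"
        portNumber="50001" sslConnection="true"/>
  </dataSource>
  <dataSource id="plain" jndiName="jdbc/plain">
    <properties.db2.jcc serverName="db2" databaseName="BPMDB"
        portNumber="50000"/>
  </dataSource>
  <dataSource id="var" jndiName="jdbc/var">
    <properties.db2.jcc serverName="db3" databaseName="BPMDB"
        portNumber="${db2.ssl.port}" sslConnection="${db2.ssl}"/>
  </dataSource>
</server>"""

DEFAULT_PLAIN_PORT = "50000"  # assumption: the usual DB2 non-SSL TCP/IP port


def audit_db2_ssl(server_xml_text):
    """Return {dataSource id: [findings]} for every DB2 JCC data source."""
    root = ET.fromstring(server_xml_text)
    report = {}
    for ds in root.iter("dataSource"):
        name = ds.get("id") or ds.get("jndiName") or "<unnamed>"
        for props in ds.iter("properties.db2.jcc"):
            findings = report.setdefault(name, [])
            ssl = (props.get("sslConnection") or "").strip()
            port = (props.get("portNumber") or "").strip()
            # Variable references cannot be judged from the file alone.
            if ssl.startswith("${") or port.startswith("${"):
                findings.append("uses a variable; resolve it and re-check")
            if not ssl:
                findings.append("sslConnection is not set")
            elif not ssl.startswith("${") and ssl.lower() != "true":
                findings.append("sslConnection is %r, expected true" % ssl)
            if not port:
                findings.append("portNumber is not set")
            elif port == DEFAULT_PLAIN_PORT:
                findings.append("portNumber 50000 is the usual non-SSL port")
    return report


if __name__ == "__main__":
    for name, findings in audit_db2_ssl(SAMPLE_SERVER_XML).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the data source has both settings that step 3 requires; it does not prove that the port actually serves SSL on the DB2 side.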