Creating secrets to protect sensitive Db2 SSL configuration data

If you plan to use SSL for your Db2® database, create a secret manually to protect the certificate data for the database.

Procedure

  1. Obtain the certificate file, tls.crt, from your database server.
  2. Prepare your database_ssl_secret_name:
    Using your values, run the following command:
    kubectl create secret generic <db2 ssl secret name> --from-file=tls.crt="<crt file in local>" -n "{{ namespace }}"

    The secret you create, ibm-db2-ssl-cert-secret, is the value for the parameter database_ssl_secret_name.

What to do next

Use the name of your secret to create the configuration for an SSL database connection when you complete your CR YAML file.
The following values specify the SSL database configuration and provide the name of the SSL secret that you created:
dc_ssl_enabled: true
database_ssl_secret_name: "<db ssl secret name>"
For example, for the relevant datasource for your FileNet® Content Manager deployment, your CR might look like the following sample snip:
datasource_configuration:
    # the candidate value is "db2" or "db2HADR" or "oracle" or "sqlserver"
    dc_ssl_enabled: true
    dc_gcd_datasource:
      dc_database_type: "db2"
      ...
      database_ssl_secret_name: "ibm-db2-ssl-cert-secret"
    dc_os_datasources:
    - dc_database_type: "db2"
       ...
      database_ssl_secret_name: "ibm-db2-ssl-cert-secret"

Also remember to add the database user name and password to the ibm-fncm-secret.