When the Cloud Pak for Data self-signed
certificate is updated, the SSL certificate that is used by Db2® Big
SQL is automatically rotated to maintain
connectivity to the service. However, you can rotate the certificate manually.
About this task
By default, the Cloud Pak for Data self-signed
certificate is updated automatically. You can manually rotate the SSL certificate that is used by
Db2 Big
SQL to establish TLS encryption of the
client JDBC connections.
Procedure
- Log in to Red Hat®
OpenShift® Container Platform as a user
with sufficient permissions to complete the task:
- Change to the project where the Cloud Pak for Data control
plane is installed:
oc project ${PROJECT_CPD_INSTANCE}
- Identify the Db2 Big
SQL instance ID:
oc get cm -l component=db2bigsql -o custom-columns="Instance Id:{.data.instance_id},Instance Name:{.data.instance_name},Created:{.metadata.creationTimestamp}"
- Regenerate the Db2 Big
SQL
certificate:
oc delete secret bigsql-<instance-id>-internal-tls
The certificate manager regenerates a new certificate and re-creates the secret for that certificate. Wait 1 minute for the secret mount to be updated in the pods.
- Log in to the Db2 Big
SQL head
pod:
oc rsh c-bigsql-<instance-id>-db2u-0 bash
- Switch to the Db2 Big
SQL database
instance owner db2inst1:
- Connect to the database:
- Run the following procedure to pick up the changes to the Db2 Big
SQL certificate:
- Confirm that the command completes with the following response: