When the Cloud Pak for Data self-signed certificate is updated, the SSL certificate that is used by Watson Query is automatically rotated to maintain connectivity to the service. However, you can also rotate the certificate manually.
About this task
By default, the Cloud Pak for Data self-signed certificate is updated automatically.
You can manually rotate the SSL certificate that is used by Watson Query to establish TLS encryption of client JDBC connections.
Procedure
To rotate the SSL certificate used by Watson Query, follow these steps.
- Log in to Red Hat® OpenShift® Container Platform as a cluster administrator.
- Change to the project where Watson Query pods are installed.
oc project ${PROJECT_CPD_INSTANCE}
- Run the following command to regenerate the dv-internal-tls secret.
oc delete secret dv-internal-tls -n ${PROJECT_CPD_INSTANCE}
The certificate manager regenerates a new certificate and re-creates the secret for that certificate. Wait 1 minute for the secret mount to be updated in the pods.
- Log in to the Watson Query head pod.
oc rsh c-db2u-dv-db2u-0 bash
- Switch to the Watson Query database instance owner db2inst1.
- Run the following command to connect to the database.
- Run the following stored procedure to pick up the changes to the Watson Query certificate.
db2 "CALL ROTATECERT()"
Confirm that the command completes with the following response.
Return Status = 0
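
A check that can wrap the secret-deletion step, as an added example (not IBM's own tooling): it records the certificate fingerprint in dv-internal-tls, deletes the secret, and polls until a different certificate appears instead of relying on a fixed wait. It assumes the secret stores the PEM certificate under the key tls.crt and that oc, base64 and openssl are available on the host where it runs; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: confirm that dv-internal-tls really holds a new certificate
# after the secret is deleted, before calling ROTATECERT().
# Assumption: the secret stores the PEM certificate under the key "tls.crt".

NS="${PROJECT_CPD_INSTANCE:-}"
SECRET="dv-internal-tls"

# Print the SHA-256 fingerprint of the certificate currently in the secret.
# Prints nothing if the secret or the key does not exist yet.
fetch_fingerprint() {
  oc get secret "$SECRET" -n "$NS" -o jsonpath='{.data.tls\.crt}' 2>/dev/null \
    | base64 -d 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 2>/dev/null \
    | cut -d= -f2
}

# Succeed only if a new fingerprint exists and differs from the old one.
rotation_confirmed() {
  [ -n "$2" ] && [ "$1" != "$2" ]
}

# Poll until the secret holds a different certificate, or give up.
# $1 = old fingerprint, $2 = max attempts, $3 = seconds between attempts.
wait_for_rotation() {
  old="$1"; tries="${2:-12}"; pause="${3:-10}"
  i=0
  while [ "$i" -lt "$tries" ]; do
    new="$(fetch_fingerprint)"
    if rotation_confirmed "$old" "$new"; then
      echo "$new"
      return 0
    fi
    i=$((i + 1))
    sleep "$pause"
  done
  return 1
}

# Runs only when called with --run, on a host already logged in to the cluster.
if [ "${1:-}" = "--run" ]; then
  before="$(fetch_fingerprint)"
  oc delete secret "$SECRET" -n "$NS"
  if after="$(wait_for_rotation "$before")"; then
    echo "certificate replaced: ${before:-<none>} -> $after"
  else
    echo "secret was not re-created or still holds the old certificate" >&2
    exit 1
  fi
fi
```

If the script exits non-zero, the secret has not been re-created with a new certificate, so running ROTATECERT() at that point would not pick up a rotated certificate.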