Updating the Db2 Warehouse SSL certificate after the Cloud Pak for Data self-signed certificate is updated

When the Cloud Pak for Data self-signed certificate is updated, you must also update the Db2 Warehouse SSL certificate.

About this task

Attention: Starting with Cloud Pak for Data 4.6.0, the Db2 Warehouse SSL certificate is automatically rotated. You are no longer required to do this task.

Follow this procedure for Cloud Pak for Data 4.0.5 and later. For previous releases, see Updating the Db2 SSL certificate after the Cloud Pak for Data self-signed certificate is updated.

Procedure

  1. Check whether the Cloud Pak for Data self-signed certificate was automatically updated by following these steps:
    1. Run the following command:
      oc get secret internal-tls -o yaml
    2. In the output from the command, copy the tls.crt value.
    3. Run the following command, replacing tls.crt with the value that you copied:
      echo tls.crt | base64 -d > tlscert.pem
    4. Open the certificate to view its contents:
      openssl x509 -in tlscert.pem -text
    5. Check the expiration date of tlscert.pem. If the expiration date is old, you must delete the internal-tls secret, wait for the Db2U pod to restart, and then proceed to Step 2.
  2. Run the following command to launch the certificate update tool in the Db2U engine pod:
    oc exec -it db2u-engine-pod -- bash -l /db2u/scripts/db2_rotate_ssl_certs.sh
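
Steps 1.1 to 1.5 can be done in one pass that reads only the tls.crt field instead of printing the whole secret. The script below is an added example, not IBM tooling: the function names, the --live switch, the script file name, and the 30-day warning window are assumptions, and oc must already be logged in to the project that holds internal-tls.

```shell
#!/bin/sh
# Added example: report the expiry status of the internal-tls certificate.
# Assumptions: oc is logged in to the Cloud Pak for Data project; a 30-day
# warning window is used (the page does not define one).

# Print "invalid", "expired", "expiring" or "valid" for a PEM certificate file.
# $1 = PEM file, $2 = warning window in days (default 30).
cert_status() {
  cs_pem=$1
  cs_days=${2:-30}
  if ! openssl x509 -in "$cs_pem" -noout >/dev/null 2>&1; then
    echo invalid    # not a parseable certificate (bad paste, truncated base64)
  elif ! openssl x509 -in "$cs_pem" -noout -checkend 0 >/dev/null 2>&1; then
    echo expired    # notAfter is already in the past
  elif ! openssl x509 -in "$cs_pem" -noout -checkend $((cs_days * 86400)) >/dev/null 2>&1; then
    echo expiring   # notAfter falls inside the warning window
  else
    echo valid
  fi
}

# Steps 1.1 to 1.5 in one pass: read only tls.crt, decode it, show the dates.
check_internal_tls() {
  ct_pem=$(mktemp) || return 2
  oc get secret internal-tls -o jsonpath='{.data.tls\.crt}' | base64 -d > "$ct_pem"
  openssl x509 -in "$ct_pem" -noout -subject -startdate -enddate
  ct_status=$(cert_status "$ct_pem" 30)
  rm -f "$ct_pem"
  echo "internal-tls certificate: $ct_status"
  [ "$ct_status" = valid ]
}

# Run the live check only when asked, e.g.: sh check_internal_tls.sh --live
# (hypothetical file name; nothing is deleted or rotated by this script).
if [ "${1:-}" = "--live" ]; then
  check_internal_tls
fi
```

The script only reports; deleting the internal-tls secret and running db2_rotate_ssl_certs.sh remain the manual actions described in the procedure.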