When the Cloud Pak for Data self-signed
certificate is updated, you must also update the Db2
Warehouse SSL certificate.
About this task
Attention: Starting with Cloud Pak for Data
4.6.0, the Db2
Warehouse SSL certificate is automatically rotated. You are no longer required
to do this task.
Follow this procedure for Cloud Pak for Data 4.0.5 and
later. For previous releases, see Updating the Db2 SSL certificate after the Cloud Pak for Data
self-signed certificate is updated.
Procedure
-
Check whether the Cloud Pak for Data self-signed
certificate was automatically updated by following these steps:
- Run the following command:
oc get secret internal-tls -o yaml
- In the output from the command, copy the
tls.crt
value.
- Run the following command, substituting the
tls.crt
value.
echo tls.crt
| base64 -d > tlscert.pem
- Open the certificate to view its contents:
openssl x509 -in tlscert.pem -text
- Check the expiration date of tlscert.pem. If the expiration date
is old, you must delete the internal-tls secret, wait for the Db2U pod to restart, and then proceed to Step
2.
- Run the following command to launch the certificate update tool in the Db2U engine pod:
oc exec -it db2u-engine-pod -- bash -l /db2u/scripts/db2_rotate_ssl_certs.sh