Preparing for an SSL connection with Db2

You need to prepare your environment before you set up an SSL connection between the Content Platform Engine and the Db2® database server.

Before you begin

You need to configure an SSL connection with the Db2 database server from the WebSphere® Application Server console. For more information, see the topic Configuring an SSL connection with database server.

About this task

If you want to use an SSL connection with your database, you must import the SSL certificate from the database server into a truststore on your Content Platform Engine (CPE) client machine. You can then configure an SSL-enabled connection to the GCD and object store databases that use Db2.

Procedure

Follow the steps to configure SSL communication between Content Platform Engine and Db2 in a WebSphere Application Server environment:

  1. Enable an SSL connection for your Db2 database.
    For more information, see the topic TLS configuration of Db2.
  2. On the Content Platform Engine client machine, place the certificate file that you downloaded from the server in a folder of your choice.
  3. Import the certificate into the truststore on the client machine, specifying the full path of the certificate file.

    You can import the certificate into either of the following truststores:

    • Default Java™ truststore - cacerts

    • Custom JKS/PKCS12 truststore

    For example, for a cacerts truststore in WebSphere Application Server, use the following command to import the certificate into the truststore:
    keytool -importcert -trustcacerts -file <full_path_of_certificate_file> -keystore <path_to_keystore> -alias <alias_of_certificate_file> -storepass <ts_password> -storetype JKS
    For a PKCS12 truststore in WebSphere Application Server, use the following command to import the certificate into the truststore:
    keytool -importcert -trustcacerts -file <path>\db2.arm -keystore <path>\db2_truststore.p12 -storepass <truststore_password> -alias <ssl_cert_alias> -storetype PKCS12
    In certain environments, the standard PKCS12 truststore may fail due to stricter parsing rules, and some tools or processes may not work correctly with the default PKCS12 format. In such cases, use a legacy-compatible PKCS12 format to avoid compatibility issues. Use the following command to convert the standard PKCS12 truststore into a legacy-compatible truststore:
    keytool -J-Dkeystore.pkcs12.legacy -importkeystore -srckeystore <path>\db2_truststore.p12 -srcstoretype PKCS12 -destkeystore <path>\db2_truststore_legacy.p12 -deststoretype PKCS12
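
    A check to run after the import in step 3, added here as an example that is not part of the IBM documentation: it compares the SHA-256 fingerprint of the certificate file with the fingerprint of the truststore entry, because the imported certificate becomes a trust anchor for the Db2 connection. The function names and the TS_PASSWORD environment variable are assumptions of this example, and keytool must be on the PATH.

```shell
#!/bin/sh
# Added example, not IBM's code. Confirms that the truststore entry is the
# certificate file that was received from the Db2 server.

# Read keytool output on stdin; print the SHA-256 fingerprint as uppercase
# hex with the colons removed (empty output if no SHA256 line is present).
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' |
        head -n 1 | tr -d ':[:space:]' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if $1 is a well-formed SHA-256 value (64 hex digits) and equals $2.
same_fingerprint() {
    case "$1" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#1}" -eq 64 ] || return 2
    [ "$1" = "$2" ]
}

# check_truststore <cert_file> <truststore> <alias> <storetype>
# The truststore password is read from the TS_PASSWORD environment variable
# (a name assumed for this example), so it does not appear in the process list.
check_truststore() {
    want=$(keytool -printcert -file "$1" | extract_sha256)
    got=$(keytool -list -v -keystore "$2" -alias "$3" \
            -storetype "$4" -storepass:env TS_PASSWORD | extract_sha256)
    same_fingerprint "$want" "$got"
}

# Constructed sample of the fingerprint section that keytool prints.
sample_keytool_output() {
    cat <<'EOF'
Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
EOF
}

# With four arguments, run the check against a real certificate and truststore.
if [ "$#" -eq 4 ]; then
    if check_truststore "$@"; then
        echo "OK: alias $3 matches $1"
    else
        echo "MISMATCH: alias $3 in $2 is not $1" >&2
        exit 1
    fi
fi
```

    Run the script with the certificate file, the truststore path, the alias, and the store type (JKS or PKCS12) as its four arguments. Compare the printed fingerprint of the certificate file with the value that the database administrator reports before you rely on the truststore.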

What to do next

You can now configure the Content Platform Engine GCD and object store data sources to use an SSL connection with the Db2 database.