Installing custom SSL certificates
Use this procedure to install custom SSL certificates.
Before you begin
-
You must have your own SSL certificates which includes the following files in PEM format.
- cert.pem: ssl certificate, not including passphrase
- key.pem: ssl certificate key
The format of both the certificate and key must match. If the certificate is in any other format, convert it to PEM format.
Note: Make sure the file name for the ssl certificate iscert.pem
, and file name for ssl certificate key iskey.pem
, and it is case sensitive. - Create the certification folder. Complete the following steps:
- To create a folder, run
mkdir -p /mycerts
- Move or copy the SSL certificate files to the folder
/mycerts
- To storage mount, run
-v /mycerts:/opt/ibm-datasrvrmgr/certs
- To create a folder, run
Procedure
Run the following command:
docker run -d --name mydmc -p 11081:8443 -e LICENSE=accept \
-v <dmc storage dir>:/mnt -v <certs dir>:/opt/ibm-datasrvrmgr/certs \
-v /etc/localtime:/etc/localtime:ro icr.io/cpopen/db2console/db2console:latest
When the SSL certificates are deployed on the container, the following message displays in the
logs:
script.log 2020-04-14 04:32:26 : Prod machine, using CA certs...
s!SSLDIRHERE!/opt/ibm-datasrvrmgr/certs/cert.pem!g
s!KEYDIRHERE!/opt/ibm-datasrvrmgr/certs/key.pem!g