Enabling HTTPS for IBM Db2 Data Management Console

You can use an HTTPS URL for accessing the IBM® Db2® Data Management Console.

Procedure

  1. Obtain an SSL certificate from a CA.
    The supported CA certificate formats are: jks, pkcs12

    Optional: You can also create a self-signed certificate for the host of the console server, using its FQDN.

  2. When the certificate is issued, you receive a certificate file and a password.
    1. Do the following:
      • For Linux®, AIX®, and Mac systems:
        Encrypt the password using the following command:
        <dmchome>/dsutil/bin/libertyCertsCrypt.sh '<password>'
      • For Windows systems:
        Encrypt the password using the following command:
        <dmchome>\dsutil\bin\libertyCertsCrypt.bat '<password>'
    2. Modify the bootstrap.properties file.
      For Linux, AIX, and Mac, it is located at:
      <dmchome>/wlp/usr/servers/dsweb
      
      For Windows, it is located at:
      <dmchome>\wlp\usr\servers\dsweb
      Modify the wlp.keystore.type parameter. Supported keystore types are pkcs12 or jks.
      
      wlp.keystore.type=pkcs12
      or
      
      wlp.keystore.type=jks
      If the certificate is a p12 file, the value is pkcs12. If the certificate is a jks file, the value is jks.
    3. Specify the wlp keystore location:
      wlp.keystore.location=<location of CA>
      If the certificate is located in the <dmchome>/wlp/usr/servers/dsweb/resources/security folder, you can specify just the certificate file name.
    4. Specify the wlp keystore password:
      wlp.keystore.password=<encrypted password from substep 1>
  3. Restart the console.

Example

To create a self-signed certificate:
  1. Run the following command to generate the certificate (certificate.pem) and key (key.pem) files in /opt/keystore/dmc. The keystore for the certificate is created in this directory.
    cd /opt/keystore/dmc
    openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

    You are prompted to provide information for the certificate. For the Common Name parameter, make sure to provide the FQDN of the Db2 Data Management Console system.

    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:CA
    Locality Name (eg, city) []:San Jose
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:IBM
    Organizational Unit Name (eg, section) []:Data and AI
    Common Name (e.g. server FQDN or YOUR name) []:dsmga41.fyre.ibm.com
    Email Address []:
  2. Convert the certificate file into pkcs12 format, for example, cert.p12. Provide a password when prompted. In this example, the password is: changeme
    openssl pkcs12 -export -in certificate.pem -inkey key.pem -out cert.p12
    The cert.p12 file is generated.
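
The two steps above as a non-interactive script, with a check that the resulting keystore opens, contains the private key, and matches the console host name before it is referenced in bootstrap.properties. This is an added example, not IBM-supplied code; the function names and the P12_PASS environment variable are assumptions, and the subjectAltName entry is an addition to the command shown above.

```shell
#!/bin/sh
# Added example, not IBM-supplied code. The function names and the
# P12_PASS variable are assumptions made for this sketch.

# make_dmc_keystore <fqdn> <outdir>
# The keystore password is read from the exported variable P12_PASS.
make_dmc_keystore() {
    fqdn=$1; outdir=$2
    [ -n "$fqdn" ] && [ -n "$outdir" ] && [ -n "$P12_PASS" ] || return 2
    (
        umask 077   # key.pem is written unencrypted (-nodes): owner-only files
        mkdir -p "$outdir" && cd "$outdir" || exit 1
        # Same command as step 1, with the prompts answered by -subj and a
        # subjectAltName added, because current browsers ignore the Common
        # Name on its own (-addext needs OpenSSL 1.1.1 or later).
        openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 \
            -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
            -out certificate.pem 2>/dev/null || exit 1
        # env: keeps the password off the command line and out of `ps`.
        openssl pkcs12 -export -in certificate.pem -inkey key.pem \
            -out cert.p12 -passout env:P12_PASS || exit 1
    )
}

# check_dmc_keystore <p12-file> <fqdn>
# Returns 0 only if the file opens with P12_PASS, contains a private key,
# and its certificate is valid for <fqdn>.
check_dmc_keystore() {
    p12=$1; fqdn=$2
    # -noout: only verify that the password decrypts the keystore
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout 2>/dev/null || return 1
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || return 1
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -checkhost "$fqdn" 2>/dev/null |
        grep -q 'does match'
}
```

After sourcing the file and exporting P12_PASS, run make_dmc_keystore with the console FQDN and /opt/keystore/dmc, then check_dmc_keystore on the resulting cert.p12. A non-zero result from the check means the keystore should not be configured in wlp.keystore.location yet.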