Enabling SSL connection for job repository

IBM® Db2® Data Management Console integrates with the job server as an add-on to retrieve data from the repository database. If the Db2 Data Management console server is configured to support SSL connection to the repository database, the job server requires you to configure some additional ODBC CLI parameters for supporting SSL connection.

To enable the use of SSL certificates for a job repository connection, use one of the following methods:

Method 1: Specify the certificate file in the Db2 Data Management Console configuration file
  1. Upload the SSL certificate file to Db2 Data Management Console server.
  2. Navigate to the folder <DMC_Install_directory>/Config, and open the metadb_override.properties file.
  3. Add the following property:
    SSLServerCertificate = "<fully_qualified_certificate_name>"
  4. To know more about this property, see SSLServerCertificate
  5. Save the file and navigate to the folder <DMC_Install_directory>/addons/job-scheduler/bin/.
  6. Restart IBM Db2 Data Management Console.
    ./stop.sh
    ./start.sh

Method 2: Specify the keystore database file in the Db2 Data Management Console configuration file

  1. Upload the keystore database file (.kdb) to Db2 Data Management Console server.
  2. If you are using Clarity.Confidence.Control® to access the keystore database file, you must encrypt the password. Navigate to the folder <DMC_Install_directory>/dsutil/bin, and run the shell script crypt.sh or crypt.bat to encrypt your password.
    ./crypt.sh yourpassword
  3. If you are using the stash file (.sth) to access the key store database file, upload it to the Db2 Data Management Console server.
  4. Navigate to the folder <DMC_Install_directory>/Config, and open the metadb_override.properties file.
  5. Add the following properties:
    SSLClientKeystoredb = "<fully qualified keyfile path>"
    SSLClientKeystoreDBPassword = <password>
    or
    SSLClientKeystash = <fully qualified stash file path>
    The SSLClientKeyStoreDBPassword and SSLClientKeystash keywords are mutually exclusive. To know more about these keywords, see SSLClientKeystoreDBPassword CLI/ODBC configuration keyword.
  6. Save the file and navigate to the folder <DMC_Install_directory>/addons/job-scheduler/bin/
  7. Restart the job scheduler.
To know more about generating the keystore database file and stash file, see Creating a keystore with GSKit.
.