Enabling SSL connection for job repository

IBM® Db2® Data Management Console integrates with the job server as an add-on to retrieve data from the repository database. If the Db2 Data Management Console server is configured to use SSL connections to the repository database, you must configure additional ODBC CLI parameters so that the job server can also connect over SSL.

To enable the use of SSL certificates for a job repository connection, use one of the following methods:

Method 1: Specify the certificate file when configuring a repository database
  1. Upload the server SSL certificate file to Db2 Data Management Console server.
  2. Log in to IBM Db2 Data Management Console.
  3. Click Administration and go to Settings > Repository to configure the repository database.
  4. Select the option Use SSL.
  5. In the SSL server certificate (optional) field, enter the certificate's fully qualified name.
  6. Enter data in all the required fields.
  7. Click Save.

For example, get the server SSL certificate by following the steps in the Configuring Secure Sockets Layer (SSL) support in a Db2 instance procedure. Extract the certificate and export it with the name 'mydbserver.arm'. You can then upload this certificate to the Db2 Data Management Console server as the SSL certificate file that the job server uses to establish SSL connections to the Db2 server.

Method 2: Specify the keystore database file in the Db2 Data Management Console configuration file

  1. Upload the keystore database file (.kdb) to Db2 Data Management Console server.
  2. If you are using a password to access the keystore database file, you must encrypt the password. Navigate to the folder <DMC_Install_directory>/dsutil/bin, and run the shell script crypt.sh or crypt.bat to encrypt your password.
    ./crypt.sh yourpassword
  3. If you are using the stash file (.sth) to access the key store database file, upload it to the Db2 Data Management Console server.
  4. Navigate to the folder <DMC_Install_directory>/Config, and open the metadb_override.properties file.
  5. Add the following properties:
    SSLClientKeystoredb = "<fully qualified keyfile path>"
    SSLClientKeystoreDBPassword = <password>
    or
    SSLClientKeystash = <fully qualified stash file path>
    The SSLClientKeystoreDBPassword and SSLClientKeystash keywords are mutually exclusive. For more information about these keywords, see SSLClientKeystoreDBPassword CLI/ODBC configuration keyword.
  6. Save the file and navigate to the folder <DMC_Install_directory>/addons/job-scheduler/bin/.
  7. Restart the job scheduler.
For more information about generating the keystore database file and stash file, see Creating a keystore with GSKit.
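
The following is an added example, not part of the IBM documentation: a POSIX shell check to run against metadb_override.properties before restarting the job scheduler in Method 2. It assumes the keywords are spelled exactly as in step 5 and that the keystore and stash files should be accessible only to the account that runs the job scheduler; the function names `prop` and `check_metadb_ssl` are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code). Usage, after sourcing this file:
#   check_metadb_ssl <DMC_Install_directory>/Config/metadb_override.properties

# Print the value of key $1 in properties file $2 (last occurrence wins),
# with trailing whitespace and surrounding double quotes removed.
prop() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
    sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Return 0 if the SSL keystore settings are consistent, 1 if not,
# 2 if the properties file cannot be read. Findings go to stderr.
check_metadb_ssl() {
  file=$1
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  kdb=$(prop SSLClientKeystoredb "$file")
  pw=$(prop SSLClientKeystoreDBPassword "$file")
  sth=$(prop SSLClientKeystash "$file")
  rc=0
  [ -n "$kdb" ] || { echo "SSLClientKeystoredb is not set" >&2; rc=1; }
  # The password and stash file keywords are mutually exclusive.
  if [ -n "$pw" ] && [ -n "$sth" ]; then
    echo "set only one of SSLClientKeystoreDBPassword, SSLClientKeystash" >&2
    rc=1
  elif [ -z "$pw" ] && [ -z "$sth" ]; then
    echo "set SSLClientKeystoreDBPassword or SSLClientKeystash" >&2
    rc=1
  fi
  # Assumption of this example: the keystore and the stash file (which lets
  # anyone who can read it open the keystore) carry no group/other access.
  for f in "$kdb" "$sth"; do
    [ -n "$f" ] || continue
    if [ ! -f "$f" ]; then
      echo "missing file: $f" >&2; rc=1
    elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
      echo "group/other can access $f; restrict it (chmod 600)" >&2; rc=1
    fi
  done
  return $rc
}
```

A non-zero return means the properties file should be corrected before step 7.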