SQL Data Insights (SQL DI) uses the SSL certificates and the RACF® keyring that you specified during the installation to secure network communications and authenticate users. If you change the keyring configuration, you must update the keyring specification on the SQL DI server. You can use the shell CLI to update the keyring information.
Procedure
- In a bash session, change to the $SQLDI_INSTALL_DIR/sql-data-insights/bin directory.
- Start the keyring specification change by invoking the sqldi.sh shell script with the update_keyring command as shown in the following example:
- Follow the onscreen prompts to enter the updated keyring specification as shown in the following example:
==> sqldi.sh update_keyring
SQL Data Insights requires one of the following keystore types:
1) JCERACFKS (for managing RACF certificates and keys)
2) JCECCARACFKS (for managing RACF certificates and keys and exploiting hardware
crypto)
Select your keystore type: 1
Enter the keyring name: MYKEYRING
Enter the keyring owner: USRT001
Enter certificate label: MYKEY
Verifying the following keyring information ...
- After the update is successfully verified, restart the SQL DI server to use the modified keyring information by issuing the following commands:
./sqldi.sh stop
./sqldi.sh start
- Recreate all user credentials files that you have created for accessing SQL DI and connecting to Db2.
When you create a credentials file,
SQL DI uses the server public key to encrypt your password. Changing the keyring configuration effectively revokes the existing public key of the server and thus invalidate the credential file itself. As a result, you must regenerate the credentials file. See
Creating and encrypting a credentials file with SQL DI shell CLI for instructions.