Restoring an encrypted backup image to a different system with a centralized key manager
If you are using a centralized key manager, restore an encrypted backup image on a different system by configuring that system with the centralized key manager, then running the RESTORE DATABASE command.
To restore an encrypted backup image from System A to System B:
- Copy the centralized keystore configuration file securely to System B.
- Copy the keystore file which stores the SSL certificates securely to System B.
- Configure System B with the centralized key manager by updating the keystore_location configuration parameter. Also update the SSL_KEYDB keyword in the centralized keystore configuration file to point to where you copied the keystore file with the SSL certificates. Update SSL_KEYDB_STASH as well if you have a stash file.
Restore the backup image on System B:
db2 restore database <database_name> encrypt;