Providing TLS key store and key stash files for your IBM Db2 REST server
To connect to Db2® using certificate-based authentication, the TLS keystore and keystash files must be available inside the IBM® Db2 REST service container.
Before you begin
You can inject the TLS keystore and keystash files by pointing, from the command line, to the local directory where they reside when you start your IBM Db2 REST service container.
About this task
Create a new folder on the machine where your REST service container resides and place your TLS keystash and keystore files in the folder. Ensure the permissions on these files allow your Docker container users to read these files.
Procedure
Add the following to your docker run command after the -e LICENSE=view specification:
-v /<your_folder>:/opt/ibm/dbrest/ssl
Where <your_folder> is the fully qualified path to the folder where your TLS keystore and keystash files are located.
When using these files in the authentication endpoint, they will be available in the /opt/ibm/dbrest/ssl folder. For example:
/opt/ibm/dbrest/mySSLKeystore.kdb
An example of running this entire command is:
docker run -it --net=host -e LICENSE=view -v /<your_folder>:/opt/ibm/dbrest/ssl --name=db2rest icr.io/obs/hdm/db2rest:latest-amd64
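A pre-flight check for the folder before it is mounted, as an added example that is not part of the IBM documentation. The function names are hypothetical, and the script assumes the keystore ends in .kdb with its stash file under the same name ending in .sth (the GSKit naming convention); readability is tested for the invoking user only, so confirm separately that the container user can read the files.

```shell
#!/bin/sh
# Added example (not IBM code). Usage: . ./check_tls.sh; db2rest_run_cmd /<your_folder>
# Assumption: each keystore <name>.kdb has its stash file as <name>.sth.

check_tls_dir() {
    dir=$1
    # The -v option needs a fully qualified host path.
    case $dir in
        /*) ;;
        *) echo "error: '$dir' is not a fully qualified path" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "error: '$dir' is not a directory" >&2; return 1; }

    found=0
    for kdb in "$dir"/*.kdb; do
        [ -f "$kdb" ] || continue
        found=1
        sth="${kdb%.kdb}.sth"
        [ -f "$sth" ] || { echo "error: no stash file for $kdb" >&2; return 1; }
        for f in "$kdb" "$sth"; do
            # Readable by the invoking user; the container user may differ.
            [ -r "$f" ] || { echo "error: $f is not readable" >&2; return 1; }
            # Read access is required; write access for group/others is not.
            if [ -n "$(find "$f" -perm -0020 -o -perm -0002)" ]; then
                echo "error: $f is group- or world-writable" >&2
                return 1
            fi
        done
    done
    [ "$found" -eq 1 ] || { echo "error: no .kdb keystore in '$dir'" >&2; return 1; }
}

# Print the docker run command from the procedure once the folder passes.
db2rest_run_cmd() {
    check_tls_dir "$1" || return 1
    printf 'docker run -it --net=host -e LICENSE=view -v %s:/opt/ibm/dbrest/ssl --name=db2rest icr.io/obs/hdm/db2rest:latest-amd64\n' "$1"
}
```

The check fails closed: a missing stash file, a relative path, or key material writable by group or others stops the command from being printed.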