Renewing or replacing the TLS certificate in an HADR configuration
You can renew a Transport Layer Security (TLS) certificate that is about to expire or replace the certificate. The TLS certificate is needed for encrypted communication between primary and standby HADR servers.
Procedure
The steps differ slightly depending on whether you are renewing an existing TLS certificate or replacing it.
- Replacing a TLS certificate
  - On the standby host, update HADR_SSL_LABEL:
    db2 update db cfg for <db> using HADR_SSL_LABEL <standbyNewLabel>
  - On the primary host, update HADR_SSL_LABEL:
    db2 update db cfg for <db> using HADR_SSL_LABEL <primaryNewLabel>
  - On the standby host, deactivate the database:
    db2 deactivate db <db>
  - On the standby host, activate the database:
    db2 activate db <db>
- Renewing a TLS certificate
  - On the standby host, deactivate the database:
    db2 deactivate db <db>
  - On the standby host, activate the database:
    db2 activate db <db>
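Once the standby has been reactivated, it is worth confirming that the intended label is configured and that the HADR pair has reconnected. The shell functions below are an added example, not part of the original procedure or IBM's own code; they parse the output of `db2 get db cfg` and `db2pd -db <db> -hadr`, and the sample outputs and the label name `standby_cert_2025` are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-change checks for the HADR TLS certificate procedure.
# Both functions read command output on stdin, so they can be exercised offline.
# Intended use on a Db2 host (assumption: run as the instance owner):
#   db2 get db cfg for <db> | cfg_ssl_label
#   db2pd -db <db> -hadr    | hadr_connected && echo "HADR connected"

# Print the value of HADR_SSL_LABEL from `db2 get db cfg` output.
# Configuration lines have the form "<description> (PARAM_NAME) = <value>".
cfg_ssl_label() {
    awk -F'=' '/\(HADR_SSL_LABEL\)/ {
        v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# Succeed only if at least one HADR_CONNECT_STATUS field is present and every
# one of them is CONNECTED. The field name is compared exactly, so the
# HADR_CONNECT_STATUS_TIME line is not mistaken for the status field.
hadr_connected() {
    awk -F'=' '
        { k = $1; v = $2
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == "HADR_CONNECT_STATUS" { seen++; if (v != "CONNECTED") bad++ }
        END { exit !(seen > 0 && bad == 0) }'
}

# Constructed sample outputs (not captured from a real system).
sample_cfg() { cat <<'EOF'
 HADR SSL certificate label             (HADR_SSL_LABEL) = standby_cert_2025
EOF
}

sample_hadr() { cat <<'EOF'
                            HADR_ROLE = STANDBY
                           HADR_STATE = PEER
                  HADR_CONNECT_STATUS = CONNECTED
             HADR_CONNECT_STATUS_TIME = 01/01/2025 00:00:00.000000 (1735689600)
EOF
}
```

A standby that cannot complete the TLS handshake with the new certificate stays disconnected, so a failing `hadr_connected` after reactivation points at the label or keystore contents.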