If you are using a centralized key manager, restore an encrypted backup image on a
different system by configuring that system with the centralized key manager, then running the
RESTORE DATABASE command.
Procedure
To restore an encrypted backup image from System A to System B:
-
Copy the centralized keystore configuration file securely to System B.
-
Copy the keystore file which stores the TLS certificates securely
to System B.
-
Configure System B with the centralized key manager by
updating the keystore_location configuration parameter. Also update the
SSL_KEYDB keyword in the centralized keystore
configuration file to point to where you copied the keystore file with the TLS certificates. Update
SSL_KEYDB_STASH as well if you have a stash file.
-
Restore the backup image on System B:
db2 restore database <database_name> encrypt;