Restoring an encrypted backup image to a different system with a centralized key manager

If you are using a centralized key manager, restore an encrypted backup image on a different system by configuring that system with the centralized key manager, then running the RESTORE DATABASE command.

Procedure

To restore an encrypted backup image from System A to System B:

  1. Copy the centralized keystore configuration file securely to System B.
  2. Copy the keystore file which stores the TLS certificates securely to System B.
  3. Configure System B with the centralized key manager by updating the keystore_location configuration parameter. Also update the SSL_KEYDB keyword in the centralized keystore configuration file to point to where you copied the keystore file with the TLS certificates. Update SSL_KEYDB_STASH as well if you have a stash file.
  4. Restore the backup image on System B:
    db2 restore database <database_name> encrypt;