Testing your keystore configuration

To test a new or changed valid keystore configuration file against a centralized keystore, without disturbing your Db2® system, you can use the appropriate key migration tool.

Procedure

To test your keystore configuration file:

  1. Create a temporary PKCS #12 local keystore file.
  2. Place a dummy master key in the local keystore file.
  3. Place a copy of the new or modified Db2 keystore configuration file in a safe, temporary location (for example, not one used by Db2).
  4. Run the appropriate migration tool with the local keystore file as the source and pass the new or modified keystore configuration file as input:
    • For KMIP, run the db2p12tokmip command
    • For PKCS #11, run the db2p12top11 command

Results

If successful, the dummy master key is replaced in the target centralized keystore.

Example

If you create a local keystore file that is called temporary.p12 and place a copy of the modified keystore configuration in a file that is called testkeystore.cfg, you would test the validity of the keystore configuration by running the following command:

db2p12top11 –from temporary.p12 –to testkeystore.cfg