Configuring TLS to communicate with Db2 server

Configure TLS (Transport Layer Security) for secure communication between the IBM® Security Guardium® Key Lifecycle Manager server and the Db2® server.

Procedure

  1. Configure TLS in the Db2 server. For more information, see Configuring TLS support in a Db2 server.
  2. Open the datasource.xml file in the IBM Security Guardium Key Lifecycle Manager server at the following location.
    Windows
    WAS_HOME\usr\servers\gklm42server
    Linux®
    WAS_HOME/usr/servers/gklm42server
  3. Update the following properties in the <properties.db2.jcc /> tag of the datasource.xml file.
    sslConnection="true"
    portNumber="<new SSL port number obtained from Step 1>"
  4. Import the Db2 client certificate (obtained from Step 1) as a trusted certificate into the key.p12 file by using the keytool utility.
    WAS_HOME/java/8.0/bin/keytool -import -storetype PKCS12 \
      -keystore WAS_HOME/usr/servers/gklm50server/resources/security/key.p12 \
      -alias db2Cert -file /home/klmdb50/myselfsigned.crt \
      -storepass <key store password> -trustcacerts
    For directory path information, see Definitions for HOME and other directory variables.
  5. Restart WebSphere® Application Server Liberty. For more information, see Starting, stopping, restarting WebSphere Liberty.
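
A pre-restart check for the edit made in Step 3, as an added example that is not part of the IBM documentation or product. The function name `check_db2_tls`, the sample XML, and its data source ID, host name, database name, and port values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: IDs, host, database name and ports are placeholders.
BEFORE = """<server>
  <dataSource id="exampleDS" jndiName="jdbc/example">
    <properties.db2.jcc databaseName="EXAMPLEDB" serverName="db2.example.test"
                        portNumber="50000"/>
  </dataSource>
</server>"""

# The same file after Step 3: TLS port set and sslConnection enabled.
AFTER = BEFORE.replace('portNumber="50000"',
                       'portNumber="50001" sslConnection="true"')


def check_db2_tls(xml_text, plaintext_port=None):
    """Return a list of problems in the <properties.db2.jcc> elements.

    plaintext_port is optional: the old non-TLS Db2 port, if known, so a
    file that enables sslConnection but keeps the old port is flagged.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # For example, an attribute value left without its closing quote.
        return [f"datasource.xml is not well-formed: {exc}"]

    elements = list(root.iter("properties.db2.jcc"))
    if not elements:
        return ["no <properties.db2.jcc> element found"]

    problems = []
    for index, element in enumerate(elements, 1):
        where = f"properties.db2.jcc #{index}"
        if element.get("sslConnection", "").strip().lower() != "true":
            problems.append(f'{where}: sslConnection is not "true"')
        port = element.get("portNumber", "").strip()
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            problems.append(f"{where}: portNumber {port!r} is not a literal port")
        elif plaintext_port is not None and int(port) == plaintext_port:
            problems.append(f"{where}: portNumber is still the non-TLS port")
    return problems


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_db2_tls(text, plaintext_port=50000))
```

To check a real file, read datasource.xml from the server directory named in Step 2 and pass its contents to `check_db2_tls`.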

What to do next

You can configure TLS in a multi-master cluster. For more information, see Configuring TLS for the communication between primary and standby HADR servers.