Configure TLS (Transport Layer Security) for secure communication between the IBM® Security Guardium® Key Lifecycle Manager server and the Db2® server.
- Configure TLS in the Db2 server. For more information, see Configuring TLS support in a Db2 server.
- Open the datasource.xml file in the IBM Security Guardium Key Lifecycle Manager server at the following location.
  - Windows: WAS_HOME\usr\servers\gklm42server
  - Linux®: WAS_HOME/usr/servers/gklm42server
- Update the following properties in the <properties.db2.jcc /> tag of the datasource.xml file.
  sslConnection="true"
  portNumber="<new ssl port number that is obtained from Step 1>"
- Import the Db2 client certificate (obtained from Step 1) as a trusted certificate into the key.p12 file by using the keytool tool.
  WAS_HOME/java/8.0/bin/keytool -import -storetype PKCS12 -keystore WAS_HOME/usr/servers/gklm50server/resources/security/key.p12 -alias db2Cert -file /home/klmdb50/myselfsigned.crt -storepass <key store password> -trustcacerts
- Restart WebSphere® Application Server Liberty. For more information, see Starting, stopping, restarting WebSphere Liberty.
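
A check for the datasource.xml edit in the procedure above, added here as an example and not part of the IBM documentation: it confirms that the <properties.db2.jcc /> element carries sslConnection="true" and a numeric portNumber, including when the element spans several lines. The function names, the sample XML, and the port values 50001 and 50000 are constructed for illustration.

```shell
#!/usr/bin/env bash

# Print the <properties.db2.jcc ...> element on one line (it may span several lines).
jcc_element() {
    tr '\n' ' ' < "$1" | grep -o '<properties\.db2\.jcc[^>]*>' | head -n 1
}

# Print the value of attribute $2 found in the element text $1.
attr_value() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Print the TLS port and return 0 when sslConnection="true" and portNumber is numeric.
check_db2_tls_config() {
    local elem ssl port
    elem=$(jcc_element "$1")
    [ -n "$elem" ] || { echo "no <properties.db2.jcc/> element in $1" >&2; return 2; }
    ssl=$(attr_value "$elem" sslConnection)
    port=$(attr_value "$elem" portNumber)
    [ "$ssl" = "true" ] || { echo "sslConnection is '${ssl:-unset}', not 'true'" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "portNumber '$port' is not a numeric port" >&2; return 1 ;;
    esac
    printf '%s\n' "$port"
}

# Constructed sample files (not the product's shipped datasource.xml).
write_samples() {
    cat > "$1/tls.xml" <<'EOF'
<server>
  <dataSource id="sampleDS">
    <properties.db2.jcc databaseName="SAMPLEDB" serverName="localhost"
        sslConnection="true" portNumber="50001"/>
  </dataSource>
</server>
EOF
    cat > "$1/plain.xml" <<'EOF'
<server>
  <dataSource id="sampleDS">
    <properties.db2.jcc databaseName="SAMPLEDB" serverName="localhost" portNumber="50000"/>
  </dataSource>
</server>
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_db2_tls_config "$demo_dir/tls.xml"                      # TLS port on stdout
check_db2_tls_config "$demo_dir/plain.xml" || echo "plain.xml: TLS not enabled"
```

Run the check against the real datasource.xml before restarting Liberty. To confirm the certificate import, keytool -list with the same -keystore and -storetype options and -alias db2Cert shows whether the trusted entry exists.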
What to do next
You can configure TLS in a multi-master cluster. For more information, see Configuring TLS for the communication between primary and standby HADR servers.