Configuring TLS to communicate with Db2 server

Configure TLS (Transport Layer Security) for secure communication between the IBM Guardium Key Lifecycle Manager server and the Db2 server.

Procedure

  1. Configure TLS in the Db2 server. For more information, see Configuring TLS support in a Db2 server.
  2. Open the datasource.xml file in the IBM Guardium Key Lifecycle Manager server at the following location.
    Windows
    WAS_HOME\usr\servers\gklm50server
    Linux®
    WAS_HOME/usr/servers/gklm50server
  3. Update the following properties in the <properties.db2.jcc /> tag of the datasource.xml file.
    sslConnection="true"
    portNumber="<new SSL port number that is obtained from Step 1>"
  4. Import the Db2 client certificate (obtained from Step 1) as a trusted certificate into the key.p12 file by using the keytool utility.
    WAS_HOME/java/8.0/bin/keytool -import -storetype PKCS12 -keystore WAS_HOME/usr/servers/gklm50server/resources/security/key.p12 -alias db2Cert -file /home/klmdb50/myselfsigned.crt -storepass <key store password> -trustcacerts
    For directory path information, see Definitions for HOME and other directory variables.
  5. Restart WebSphere Application Server Liberty. For more information, see Starting, stopping, restarting WebSphere Liberty.
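
The step 3 edit can be checked before the restart in step 5. The following Python check is an added example, not part of the IBM product or its documentation. The function name check_db2_tls, the sample XML, its host name and its port values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Liberty datasource.xml; all attribute values are
# placeholders and are not taken from a real installation.
SAMPLE_OK = """<server>
  <dataSource id="exampleDS" jndiName="jdbc/example">
    <properties.db2.jcc databaseName="EXAMPLEDB" serverName="db2.example.test"
                        portNumber="50001" sslConnection="true"/>
  </dataSource>
</server>"""
# Constructed misconfiguration: TLS flag off and a different port left in place.
SAMPLE_BAD = (SAMPLE_OK.replace('sslConnection="true"', 'sslConnection="false"')
                       .replace('"50001"', '"50000"'))


def check_db2_tls(xml_text, expected_port=None):
    """Return a list of findings for every <properties.db2.jcc> element.

    An empty list means the step 3 properties look complete. expected_port is
    the TLS port that was configured on the Db2 server in step 1.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Happens, for example, when a "<...>" placeholder is left in a value.
        return [f"datasource.xml is not well-formed XML: {exc}"]
    elements = list(root.iter("properties.db2.jcc"))
    if not elements:
        return ["no <properties.db2.jcc> element found"]
    findings = []
    for n, el in enumerate(elements, 1):
        ssl = el.get("sslConnection")
        if (ssl or "").strip().lower() != "true":
            findings.append(f"element {n}: sslConnection is {ssl!r}, expected 'true'")
        # A Liberty ${variable} reference cannot be resolved here and is reported.
        port = (el.get("portNumber") or "").strip()
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            findings.append(f"element {n}: portNumber {port!r} is not a valid port")
        elif expected_port is not None and int(port) != int(expected_port):
            findings.append(f"element {n}: portNumber {port} is not TLS port {expected_port}")
    return findings


if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_db2_tls(text, expected_port=50001))
```

To check a real file, pass the contents of datasource.xml as xml_text and the TLS port from step 1 as expected_port.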

What to do next

You can configure TLS in a multi-master cluster. For more information, see Configuring TLS for the communication between primary and standby HADR servers.