Configuring SSL on DB2 during runtime

You can configure SSL for a secure connection between Sterling B2B Integrator and DB2 during runtime.

For more information on how to configure SSL on a DB2 instance, see IBM DB2 Documentation.
Note: Always ensure that you have the latest JDBC driver that is compatible with your DB2 version. For more information, see DB2 JDBC Driver Versions and Downloads. An existing JDBC driver may not be compatible with your DB2 version.

At present, Sterling B2B Integrator supports the SSL encryption mechanism using Java KeyStore (JKS) files.

To convert the DB2 server key files b2biclient.arm or b2biclient.cer to JKS format, use the following commands:

keytool -import -noprompt -trustcacerts -alias b2bidb2 -file b2biclient.arm -keystore key.jks -storepass password -keypass password
keytool -import -v -trustcacerts -alias keyAlias -file server.cer -keystore cacerts.jks -keypass changeit
Note: The keytool utility is located in the <B2Bi_install>/jdk/bin directory.
Important:
  • The SSL feature is configured on DB2 v11.1 or later versions.
  • At present, only one-way SSL is supported.
  1. Download the JDBC driver from DB2 JDBC Driver Versions and Downloads.
  2. Stop the Sterling B2B Integrator services.
  3. Install DB2 with the SSL option.
  4. Access sandbox.cfg in the Sterling B2B Integrator installation directory. Find the following non-SSL port entries, replace them with the SSL ports, and set sslConnection:
    • DB2_PORT
    • DB_PORT
    • YANTRA_DB_PORT
    • sslConnection = true

    For example: If SSL is configured on port 55000, then the ports must be updated as:
    1. DB2_PORT=55000
    2. DB_PORT=55000
    3. YANTRA_DB_PORT=55000
  5. Go to the Sterling B2B Integrator installation directory and navigate to the Properties folder. Back up the following files before you update them.
    1. jdbc.properties.in
    2. jdbc.properties_platform_ifcresources_ext.in
  6. Specify the following parameters:
    Parameter Name    Description                                         Optional or Mandatory
    key.jks           File name in the modified URL for DB2 SSL setup.    Mandatory
    password          Password for the truststore file.                   Mandatory

    Find the base JDBC URL for the following database pools and update it with the SSL-configured URL in the following files:

    1. jdbc.properties.in file.
      • db2Pool

      • db2Pool_local

      • db2Pool_NoTrans

      For example:
      The base JDBC URL is updated with the SSL URLs for the above mentioned pools.
      
      Existing JDBC URL:
      db2Pool.url=jdbc:db2://<IP address of DB2 server:port number>/B2Bi
      db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi

      Modified JDBC URLs:
      db2Pool:
      db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password

      db2Pool_local:
      db2Pool_local.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password

      db2Pool_NoTrans:
      db2Pool_NoTrans.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
      
    2. jdbc.properties_platform_ifcresources_ext.in file.
      • db2ArchivePool

      • db2UIPool

      For example:
      The base JDBC URL is updated with the SSL URLs for the above mentioned pools.
      
      Existing JDBC URL:
      db2Pool.url=jdbc:db2://<IP address of DB2 server:port number>/B2Bi
      db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi

      Modified JDBC URLs:
      db2ArchivePool:
      db2ArchivePool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password

      db2UIPool:
      db2UIPool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
      
  7. Run setupfiles.sh on Linux/Unix or setupfiles.cmd on Windows.
  8. Run deployer.sh on Linux/Unix or deployer.cmd on Windows.
  9. Restart the Sterling B2B Integrator services.
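
A pre-flight check that can be run after step 6 and before setupfiles.sh, given here as an added example and not as part of the product or of IBM's tooling: it confirms that each pool URL uses the SSL port, sets sslConnection=true and names a truststore, so that no pool is left on an unencrypted connection. The function name check_pool_ssl and the sample file are constructed for illustration, and the check assumes that each URL sits on a single line, as a Java properties file requires unless a continuation backslash is used.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of DB2 pool URLs in a *.properties.in file.
# Usage: check_pool_ssl FILE SSL_PORT POOL...
# Prints one line per pool; returns 0 only if every pool URL is SSL-configured.
check_pool_ssl() {
    local file=$1 port=$2 rc=0 pool url hostport rest props store why
    shift 2
    for pool in "$@"; do
        # The last "<pool>.url=" assignment wins, as in a Java properties file.
        url=$(grep -E "^${pool}\.url=" "$file" | tail -n 1)
        url=${url#*=}
        hostport=${url#jdbc:db2://}; hostport=${hostport%%/*}  # "<host>:<port>"
        rest=${url#jdbc:db2://*/}                 # "<db>:<prop>=<value>;..."
        props=";${rest#*:};"                      # wrap in ';' for exact matching
        store=${props#*";sslTrustStoreLocation="} # unchanged if the key is absent
        if [ "$store" != "$props" ]; then store=${store%%;*}; else store=""; fi
        why=""
        if [ -z "$url" ]; then
            why="no ${pool}.url entry"
        elif [ "${hostport##*:}" != "$port" ]; then
            why="port ${hostport##*:} is not the SSL port $port"
        else
            case $props in
                *";sslConnection=true;"*) ;;
                *) why="sslConnection=true missing" ;;
            esac
            [ -n "$store" ] || why="${why:+$why, }sslTrustStoreLocation missing"
        fi
        if [ -n "$why" ]; then echo "FAIL $pool: $why"; rc=1
        else echo "ok $pool: truststore $store"; fi
    done
    return "$rc"
}

# Constructed sample input; host, port 55000 and paths are the page's example values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
db2Pool.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
db2Pool_local.url=jdbc:db2://b2biqarhlmk9:55000/B2Bi:sslConnection=true;
    sslTrustStoreLocation=/opt/db211.5/sslkey_b2biqarhlmk9/key.jks;sslTrustStorePassword=password
db2Pool_NoTrans.url=jdbc:db2://b2biqarhlmk9:50000/B2Bi
EOF
# db2Pool passes; db2Pool_local (URL wrapped onto a second line) and
# db2Pool_NoTrans (constructed case: port not switched to 55000) are reported.
check_pool_ssl "$sample" 55000 db2Pool db2Pool_local db2Pool_NoTrans ||
    echo "Fix the pools above before running setupfiles.sh"
rm -f "$sample"
```

Run the same function against jdbc.properties_platform_ifcresources_ext.in with db2ArchivePool and db2UIPool as the pool names.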