IBM Support

Db2 Genius Hub (Db2GH) shows API Validation: Error validating API key: PKIX path building failed message

Troubleshooting


Problem

Db2 Genius Hub shows API error when authenticating the API Key to enable the Database Assistant:

API Validation

Error validating API key: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

Cause

The certificate included in the product is issued by an internal/private CA, not a public CA, so it might fail validation in external or public networks.

Resolving The Problem

Import the SSL certificate into the truststore file:

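# Capture the certificate presented by the API endpoint and save it as PEM
openssl s_client -connect api.db2.ibm.com:443 -showcerts < /dev/null 2>/dev/null |
  openssl x509 -outform PEM > internal-product-cert.pem

# Replace <db2gh_home> with your installation directory
export DB2GH_HOME=<db2gh_home>/ibm-db2GeniusHub
export TRUSTORE_PASSWORD=changeit

# Import the certificate into the JRE truststore bundled with Db2GH
"$DB2GH_HOME/java/jre/bin/keytool" -importcert \
  -file internal-product-cert.pem \
  -keystore "$DB2GH_HOME/java/jre/lib/security/cacerts" \
  -storetype PKCS12 \
  -alias internal-product-cert \
  -storepass "$TRUSTORE_PASSWORD"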
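
The openssl capture above saves whatever certificate the connection returns, so it is worth confirming the file between the capture and the keytool import. The shell functions below are an added example, not part of IBM's procedure: they compare the certificate's SHA-256 fingerprint with a value obtained out of band. The function names and the EXPECTED_FP placeholder are assumptions.

```sh
#!/bin/sh
# Added example (not IBM's procedure): confirm a captured certificate against a
# SHA-256 fingerprint obtained out of band before it goes into the truststore.

# Strip any "label=" prefix, colons and whitespace; upper-case the hex digits.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d ': \n\r' | tr 'abcdef' 'ABCDEF'
}

# Print the normalised SHA-256 fingerprint of a PEM certificate file.
cert_fp() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
    normalize_fp "$fp"
}

# verify_cert PEM_FILE EXPECTED_FP
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_cert() {
    pem=$1
    expected=$(normalize_fp "$2")
    case $expected in
        ""|*[!0-9A-F]*) echo "expected fingerprint is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected fingerprint is not SHA-256 length" >&2; return 2; }
    [ -s "$pem" ] || { echo "missing or empty file: $pem" >&2; return 2; }
    actual=$(cert_fp "$pem") || { echo "not a parseable certificate: $pem" >&2; return 2; }
    [ "$actual" = "$expected" ] && return 0
    # On mismatch, show what was actually captured so it can be investigated
    echo "fingerprint mismatch: got $actual" >&2
    openssl x509 -in "$pem" -noout -subject -issuer -enddate >&2
    return 1
}

# Usage, with EXPECTED_FP as a placeholder for the value from the certificate's owner:
#   verify_cert internal-product-cert.pem "$EXPECTED_FP" && echo "fingerprint matches"
```

Run the keytool import only when verify_cert returns 0; a mismatch prints the subject, issuer and expiry of the certificate that was actually captured.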

 

Db2GH Proxy Configuration Guide

If you use the "IBM Provided AI Stack" option, your network needs internet access to reach the ibm.com domain.

If your environment uses a proxy and Db2GH cannot pass through it for IBM's internal API authentication calls, follow the steps below to configure Db2GH to use your internal proxy server.


1. Find Existing Proxy Settings

Run the following commands to check current proxy values:

echo $HTTPS_PROXY
echo $HTTP_PROXY
 

If these variables are not set but you already know your internal proxy server details, use those values in the configuration instead.


2. Update JVM Proxy Configuration

Open the following file:

<db2gh_home>/wlp/usr/servers/dsweb/jvm.options

Add or update the proxy parameters (replace host and port with your actual proxy settings):

-Dhttp.proxyHost=proxy.example.com
-Dhttp.proxyPort=<replace with the value of the HTTP_PROXY port>
-Dhttps.proxyHost=proxy.example.com
-Dhttps.proxyPort=<replace with the value of the HTTPS_PROXY port>
 

After saving the file, restart Db2 Genius Hub.

Once restarted, try accessing the chat feature again.

You should now be able to authenticate successfully with IBM's authentication service through your proxy.

Document Location

Worldwide


Document Information

Modified date:
11 May 2026

UID

ibm17271428