Submit a ticketCall us

WebinarWebinar: A checklist for planning your Network Performance Monitor (NPM) upgrade

Are you ready for your next upgrade? To help you plan smoothly, join this webcast to learn more about, SolarWinds® Orion® Installer, SolarWinds Upgrade Advisor, Upgrades Guides, Training Videos, and other resources available. We’ll share key upgrade planning considerations, lessons learned from customers with practical advice from SolarWinds Product Experts. We’ll also give practical tips to identify the estimated time needed and resources, how to prepare the business and IT staff for changes, ways to plan for required system changes, and more.

Register now.

Home > Success Center > Database Performance Analyzer (DPA) > DPA - Knowledgebase Articles > SSL connections from DPA to DB2 monitored instance

SSL connections from DPA to DB2 monitored instance

Table of contents

Updated September 22, 2016


Steps to create SSL connections from DPA to a DB2 monitored instance. 


  • All versions of DPA
  • DB2 monitored instance that requires a SSL connection 


  1. Export the DB2 certificate from the DB2 server into a .pem file. See Configuring Secure Sockets Layer (SSL) support in a DB2 instance (© 2016 IBM, available at, obtained on September 7, 2016) for steps.  
    The relevant command is:
    gsk8capicmd_64 -cert -extract -db "mydbserver.kdb" -pw "myServerPassw0rdpw0" -label "myselfsigned" -target "mydbserver.arm" -format ascii -fips
    In some cases, the resulting certificate file mydbserver.arm seems to be the same as a .pem file, which is a recognized file extension by Portecle (Trust Store tool free for download). The file extension can be changed from .arm to .pem.
  2. Make DPA trust the DB2 certificate. Create a new trust store containing the DB2 certificate.
    In principle, the following steps can be performed using the keytool command which is part of a Java installation, SolarWinds recommends Portecle for convenience.
    1. Open Portecle utility.
    2. Click File > New Keystore in the menu, choose JKS keystore type.
      Click Tools > Import Trusted Certificate and choose the .pem file from Step 1. Confirm that you trust the certificate and proceed with the import.
      Having the certificate successfully imported, save the trust store to file.
      [DPA home]\iwc\tomcat\ignite_config\security\db2-truststore.jks
      [DPA Home]/iwc/tomcat/ignite_config/security/db2-truststore.jks
    3. During save, Portecle will ask for a password to encrypt the keystore with. By default, Java applications use changeit as password.
    4. Close Portecle.
  3. Register the DB2 instance in DPA. On Step 2 of the of the database registration wizard. You must specify SSL port. Open Advanced Connection Properties on this page and into "Connection Properties" field put following value (without quotes, fill in the trust store password):




Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.



Last modified