Submit a ticketCall us
Home > Success Center > Database Performance Analyzer (DPA) > SSL connections from DPA to DB2 monitored instance

SSL connections from DPA to DB2 monitored instance

Table of contents

Updated September 22, 2016

Overview

Steps to create SSL connections from DPA to a DB2 monitored instance. 

Environment

  • All versions of DPA
  • DB2 monitored instance that requires a SSL connection 

Steps

  1. Export the DB2 certificate from the DB2 server into a .pem file. See Configuring Secure Sockets Layer (SSL) support in a DB2 instance (© 2016 IBM, available at www.ibm.com, obtained on September 7, 2016) for steps.  
    The relevant command is:
    gsk8capicmd_64 -cert -extract -db "mydbserver.kdb" -pw "myServerPassw0rdpw0" -label "myselfsigned" -target "mydbserver.arm" -format ascii -fips
    In some cases, the resulting certificate file mydbserver.arm seems to be the same as a .pem file, which is a recognized file extension by Portecle (Trust Store tool free for download). The file extension can be changed from .arm to .pem.
  2. Make DPA trust the DB2 certificate. Create a new trust store containing the DB2 certificate.
    In principle, the following steps can be performed using the keytool command which is part of a Java installation, SolarWinds recommends Portecle for convenience.
    1. Open Portecle utility.
    2. Click File > New Keystore in the menu, choose JKS keystore type.
      Click Tools > Import Trusted Certificate and choose the .pem file from Step 1. Confirm that you trust the certificate and proceed with the import.
      Having the certificate successfully imported, save the trust store to file.
      Windows:
      [DPA home]\iwc\tomcat\ignite_config\security\db2-truststore.jks
      Linux:
      [DPA Home]/iwc/tomcat/ignite_config/security/db2-truststore.jks
      .
    3. During save, Portecle will ask for a password to encrypt the keystore with. By default, Java applications use changeit as password.
    4. Close Portecle.
  3. Register the DB2 instance in DPA. On Step 2 of the of the database registration wizard. You must specify SSL port. Open Advanced Connection Properties on this page and into "Connection Properties" field put following value (without quotes, fill in the trust store password):

    Windows:
    sslConnection=true;sslTrustStoreLocation=./ignite_config/security/db2-truststore.jks;sslTrustStorePassword=<password-from-step-2>

    Linux:
    sslConnection=true;sslTrustStoreLocation=../ignite_config/security/db2-truststore.jks;sslTrustStorePassword=<password-from-step-2>

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

Last modified
14:16, 16 Feb 2017

Tags

Classifications

Public