When FMS is 5.9.7 or later with FIPS compliance mode enabled and the DB2 cartridge is 5.9.7.10 or later, import the certificate into fogdb.store using the following steps:
Step 1: Navigate to the agent lib folder on the Foglight Agent Manager (FglAM). Taking version 5.9.7.10 as an example:
{fglam_home}/agents/DB_DB2/5.9.7.10-5.9.7.10-xxxx-xxxx/lib
Step 2: Execute the command below to import the certificate:
Windows:
certificatetool-5.9.7.10.bat --add-certificate {alias}=\path\to\certificate\file
Linux:
For example:
certificatetool-5.9.7.10.bat --add-certificate host1=c:/test.cer
Step 1: Navigate to the certificates folder on the Foglight Agent Manager to get the storepass value
cd {fglam}/state/default/certificates
Step 2: When trying to connect to a DB2 instance with SSL, import the SSL certificate into the FglAM first.
Go to directory /agents/DB_DB2/--/lib/ and run the command
certificate--ksh.ksh (or certificate--bat.bat in Windows)
Step 3: Open the DB2Keystore.info file and copy the UID value to use later. The format is xxxxxxxx-xxxx-xxxx-xxxx-xxxx
Step 4: Navigate to the jre bin folder
cd {fglam}/jre/bin
Step 5: Use keytool (add jdk/bin or jre/bin to the path first) to get the current DB2 certificate, like this: keytool -printcert -sslserver :-rfc
C:\>keytool -printcert -sslserver SERVERNAME:50000 -rfc
Step 6: Save the output (include BEGIN and END lines) as file db2.cer. The output may contain multiple certificates and look like this
-----END CERTIFICATE-----
If there are multiple BEGIN and END lines, save each certificate to a separate file (e.g. db2_a.cer, db2_b.cer, db2_c.cer)
Step 7: Import the certificate(s) into the keystore. Use a different alias for each certificate if multiple certificates are used. The UID is taken from Step 3 above.
keytool -importcert -file db2.cer -keystore /fglam/state/default/certificates/DB2Keystore.keystore -storepass UID -noprompt -alias db2test
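Steps 5 to 7 as a script, an added example that is not part of the original article or the vendor's tooling: it splits the saved keytool output into one file per certificate, rejects a truncated copy, and imports each certificate under its own alias. The function names, the numbered output files (db2_1.cer, db2_2.cer, ...) and the alias suffix scheme are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Function and file names are assumptions.

# split_pem_chain BUNDLE PREFIX
# Writes PREFIX_1.cer, PREFIX_2.cer, ... and prints how many certificates
# were found. Returns non-zero if the last block has no END line
# (a truncated copy/paste of the keytool output).
split_pem_chain() {
    awk -v prefix="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = prefix "_" n ".cer"; inside = 1 }
        inside                         { print > out }
        /^-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0; if (inside) exit 1 }
    ' "$1"
}

# import_chain KEYSTORE STOREPASS ALIAS_BASE PREFIX COUNT
# Imports PREFIX_<i>.cer under alias ALIAS_BASE_<i>; every keystore entry
# needs its own alias.
import_chain() {
    i=1
    while [ "$i" -le "$5" ]; do
        # Print the SHA-256 fingerprint first: -noprompt skips keytool's
        # trust prompt, so compare this value with the DB2 server's
        # certificate out of band.
        keytool -printcert -file "${4}_$i.cer" | grep 'SHA256:' || true
        keytool -importcert -file "${4}_$i.cer" -keystore "$1" \
            -storepass "$2" -noprompt -alias "${3}_$i" || return 1
        i=$((i + 1))
    done
}

# Usage: sh split_import.sh db2.cer KEYSTORE UID ALIAS_BASE
if [ "$#" -eq 4 ]; then
    count=$(split_pem_chain "$1" "${1%.*}") ||
        { echo "truncated certificate in $1" >&2; exit 1; }
    [ "$count" -gt 0 ] || { echo "no certificate found in $1" >&2; exit 1; }
    import_chain "$2" "$3" "$4" "${1%.*}" "$count"
fi
```

The UID argument is the value copied from DB2Keystore.info in Step 3, and KEYSTORE is the DB2Keystore.keystore path used in Step 7.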
When trying to connect to a DB2 instance with SSL, import the SSL certificate into FglAM first.