When FMS is 5.9.7 and later in with FIPS compliance mode enabled, DB2 cartridge is 5.9.7.10 or later, we need to import the certificate into fogdb.store by the following step:
Step 1: Navigate to the Foglight Agent Manager (FglAM) to agent/lib folder. Taking version 5.9.7.10 as an example:
{fglam_home}/agents/DB_DB2/5.9.7.10-5.9.7.10-xxxx-xxxx/lib
Step 2: Execute the command below to import the certificate:
Windows:
certificatetool-5.9.7.10.bat --add-certificate {alias}=\path\to\certificate\file
Linux:
For example:
certificatetool-5.9.7.10.bat --add-certificate host1=c:/test.cer
Step 1: Navigate to the certificates folder on the Foglight Agent Manager to get the storepass value
cd {fglam}/state/default/certificates
Step 2: When trying to connect to DB2 instance with SSL, import the SSL certificate into the FglAM first.
Go to directory /agents/DB_DB2/--/lib/ and run the command
certificate--ksh.ksh (or certificate--bat.bat in Windows)
Step 3: Open the DB2Keystore.info file and copy the UID value to use later, the format is xxxxxxxx-xxxx-xxxx-xxxx-xxxx
Step 4: Navigate to the jre bin folder
cd {fglam}/jre/bin
Step 5: Use the keytool (add jdk/bin or jre/bin to path first) to get the current DB2 certificate like this keytool -printcert -sslserver :-rfc
C:\>keytool -printcert -sslserver SERVERNAME:50000 -rfc
Step 6: Save the output (include BEGIN and END lines) as file db2.cer. The output may contain multiple certificates and look like this
-----END CERTIFICATE-----
If there are multiple BEGIN and END lines, save each certificate to three separate files (e.g. db2_a.cer, db2_b.cer, db2_c.cer)
Step 7: Import the certificate(s) into the keystore, use a different alias for each certificate if multiple certificates are used. The UID is take from Step 3 above.
keytool -importcert -file db2.cer -keystore /fglam/state/default/certificates/DB2Keystore.keystore -storepass UID -noprompt -alias db2test
When trying to connect to DB2 instance with SSL, import SSL certificate into FglAM first.
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center