Refreshing the SSL certificate used by Db2 Big SQL after the Cloud Pak for Data self-signed certificate is updated

When the Cloud Pak for Data self-signed certificate is updated, the SSL certificate that is used by Db2® Big SQL must be refreshed.

About this task

Do this task to rotate the SSL certificate that is used by Db2 Big SQL to establish TLS encryption of the client JDBC connections.

Procedure

Log in to your OpenShift® cluster as a project administrator:
```
oc login <OpenShift_URL>:<port>
```
Change to the project where the Cloud Pak for Data control plane is installed:
```
oc project ${PROJECT_CPD_INSTANCE}
```
Note: This command uses an environment variable so that you can run the command exactly as written. For information about sourcing environment variables, see Setting up installation environment variables.

Identify the Db2 Big SQL instance ID:

oc get cm -l component=db2bigsql -o custom-columns="Instance Id:{.data.instance_id},Instance Name:{.data.instance_name},Created:{.metadata.creationTimestamp}"

Get the name of the Db2 Big SQL head pod:

head_pod=$(oc get pod -l app=bigsql-<instance_id>,name=dashmpp-head-0 --no-headers=true -o=custom-columns=NAME:.metadata.name)

Open a remote shell on the head pod:
```
oc rsh $head_pod
```
Switch to the Db2 Big SQL database instance owner db2inst1:
```
su - db2inst1
```
Stop the Db2 Big SQL instance and do an ipclean process:
```
bigsql stop && rah 'ipclean -a'
```
Reconfigure the Db2 SSL certificate to pick up the changes to the Cloud Pak for Data certificate:
```
source /db2u/scripts/include/db2_ssl_functions.sh && rotate_ssl_certs
```
Start the Db2 instance:
```
bigsql start
```