Configuring post-installation DB2 secure access

After you install the TADDM server, you can configure secure DB2 access.

You must complete the following steps for each server in the installation that has access to the database. Those servers are the domain server, primary storage server, secondary storage server, and enterprise server.
  1. Stop the TADDM server.
  2. Configure your DB2 instance to work in a secure mode. For detailed instructions, refer to the section Configuring Secure Sockets Layer (SSL) support for a DB2 instance at http://www-01.ibm.com/support/knowledgecenter/SSEPGG_10.1.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html in the DB2 documentation.
  3. If the database access data that was provided during the installation is not valid, correct it in the collation.properties file.
    • com.collation.db.url - a JDBC URL for the primary database.
    • com.collation.db.user - a user name that is used to access the primary database.
    • com.collation.db.password - a password that is used to access the primary database.
    • com.collation.db.archive.url - a JDBC URL for the archive database. It is usually the same as for the primary database.
    • com.collation.db.archive.user - a user name that is used to access the archive database.
    • com.collation.db.archive.password - a password that is used to access the archive database.
  4. Import the DB2 certificate as a trusted certificate.
    1. Run the following command:
      keytool -import -file db2certificate.arm -keystore taddm_db2.truststore
      where:
      db2certificate.arm
      is the DB2 instance SSL certificate. You might need to provide the full path.
      taddm_db2.truststore
      is a truststore file where the certificate is to be stored.
    2. Copy the taddm_db2.truststore file into the $COLLATION_HOME/dist/etc directory.
      Note: The keytool program is available in the TADDM installation directory $COLLATION_HOME/dist/external/jdk-Linux-x86_64/bin. The jdk directory name varies depending on the operating system or architecture.
  5. Set the DB connection to a secure mode for both primary and archive databases by adding the following properties in the collation.properties file:
    com.ibm.cdb.db.connection.ssl.enable=true
    com.ibm.cdb.db.archive.connection.ssl.enable=true
  6. Set the truststore file location for the DB connection for both primary and archive databases by adding the following properties in the collation.properties file:
    com.ibm.cdb.db.connection.ssl.truststore.file=taddm_db2.truststore
    com.ibm.cdb.db.archive.connection.ssl.truststore.file=taddm_db2.truststore
    Note: The file name must match the name of the truststore file in the $COLLATION_HOME/dist/etc directory.
  7. Set the password for the truststore file for both primary and archive databases by adding the following properties in the collation.properties file:
    com.ibm.cdb.db.connection.ssl.truststore.password=password
    com.ibm.cdb.db.archive.connection.ssl.truststore.password=password
  8. Run either the encryptprops.sh file or the encryptprops.bat file. The file is in the $COLLATION_HOME/bin directory. This script encrypts the passwords.
  9. Restart the TADDM server.
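
A check to run before the restart in step 9, added here as an example (it is not part of TADDM or the IBM documentation): it reads collation.properties and reports any of the six SSL properties from steps 5 to 7 that is missing or commented out, and any truststore file name that does not exist in the etc directory. The function names get_prop and check_db2_ssl, and the sample file contents, are constructed for illustration.

```sh
#!/bin/sh
# get_prop FILE KEY: print the value of the last uncommented KEY=value line.
get_prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    pat="^[[:space:]]*${key}[[:space:]]*=[[:space:]]*"
    sed -n "s/${pat}//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_db2_ssl PROPS ETC_DIR: print one line per problem, return the count.
check_db2_ssl() {
    props=$1 etc_dir=$2 problems=0
    # Primary and archive connections are configured separately (steps 5-7).
    for prefix in com.ibm.cdb.db.connection.ssl \
                  com.ibm.cdb.db.archive.connection.ssl; do
        if [ "$(get_prop "$props" "$prefix.enable")" != "true" ]; then
            echo "MISSING: $prefix.enable=true"; problems=$((problems + 1))
        fi
        ts=$(get_prop "$props" "$prefix.truststore.file")
        if [ -z "$ts" ]; then
            echo "MISSING: $prefix.truststore.file"; problems=$((problems + 1))
        elif [ ! -f "$etc_dir/$ts" ]; then
            echo "NOT FOUND: $etc_dir/$ts"; problems=$((problems + 1))
        fi
        if [ -z "$(get_prop "$props" "$prefix.truststore.password")" ]; then
            echo "MISSING: $prefix.truststore.password"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: the archive SSL flag from step 5 was left out.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/etc"
    : > "$d/etc/taddm_db2.truststore"   # empty placeholder, not a real keystore
    cat > "$d/collation.properties" <<'EOF'
com.ibm.cdb.db.connection.ssl.enable=true
com.ibm.cdb.db.connection.ssl.truststore.file=taddm_db2.truststore
com.ibm.cdb.db.archive.connection.ssl.truststore.file=taddm_db2.truststore
com.ibm.cdb.db.connection.ssl.truststore.password=password
com.ibm.cdb.db.archive.connection.ssl.truststore.password=password
EOF
    check_db2_ssl "$d/collation.properties" "$d/etc" || echo "problems: $?"
    rm -rf "$d"
}
demo
```

On a real server, call check_db2_ssl with the path to collation.properties and the $COLLATION_HOME/dist/etc directory; a non-zero return means the primary or archive connection is not fully configured for SSL.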