Hi Vincent,
You can use one of the two scripts that reside in the /bin directory to import the certificate(s).
DLS_SSL_CertImportTool.bat - Import into the /jre/lib/security/cacertsDLS_SSL_CertImportTool.bat <path>\certificate.crtThirdPartyCertificateTool.bat - Import into the /configuration/certs/CAMKeystore
ThirdPartyCertificateTool.bat -T -i -r <path>\certificate.crt -p NoPassWordSet
If you search on these scripts you should be able to find more information. If you are unsure which keystore to import to you can import to both.
You can launch the /jre/bin/ikeyman.exe to see which certificates are imported
CAMKeystore -> PKCS12 Public Key Crypto Standard (PW: NoPassWordSet)
cacerts -> JKS/Java Key Store (PW: changeit)
Cheers,
Trevor
------------------------------
TREVOR COMEAU
------------------------------
Original Message:
Sent: Tue August 27, 2019 03:45 AM
From: Vincent
Subject: How to connect to a DB2 database with SSL connection in CA
Hey Trevor Comeau,
Thanks for your help! May I ask is there any related document how to import the certificate(s) into the jre/lib/security/cacerts keystore?
------------------------------
Vincent
Original Message:
Sent: Mon August 26, 2019 10:32 AM
From: TREVOR COMEAU
Subject: How to connect to a DB2 database with SSL connection in CA
That document is specific to Content Store connections.
I think for your scenario you would need to import the certificate(s) into the jre/lib/security/cacerts keystore.
------------------------------
TREVOR COMEAU
Original Message:
Sent: Fri August 23, 2019 03:18 AM
From: Vincent
Subject: How to connect to a DB2 database with SSL connection in CA
Hey everyone,
I'm testing CA with version 11.1.3 in Windows server 2008 R2. I'm able to connect to db2 database without ssl connection method but I meet error when to connect to a db2 database with SSL connection method with Certificate chaining error: java.security.cert.CertPathValidatorException: Certificate chaining error。 ERRORCODE=-4499, SQLSTATE=08001java.security.cert.CertPathValidatorException: Certificate chaining error。 ERRORCODE=-4499, SQLSTATE=08001com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=XXXXXXXXXX Root CA, O=XXXXXXXXXXXXX Corporation, C=US is not trusted.
JDBC URL : jdbc:db2://xxxx.xxxx.xxxx:xxxxx/XXXX:sslConnection=true;
Driver class names: com.ibm.db2.jcc.DB2Driver
What I refer document is https://www.ibm.com/support/knowledgecenter/SSEP7J_11.0.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/t_importcacertificates.html?view=embed
Is it correct document?
how to config CA to connect to a db2 database via SSL connection?
Thanks in advance!!!!
#CognosAnalyticswithWatson