Db2 Warehouse (On Premises and Cloud)

nested-group-icon.png

DB2

Expand all | Collapse all

Re-Generate SSL Certificates

  • 1.  Re-Generate SSL Certificates

    Posted Wed August 26, 2020 04:10 AM

    Hi

    We have DB2 Warehouse MPP deployed locally with docker and after upgrade to 11.5.4.0-CN1

    we get error message in Web Console:

    Warning: The console is unable to connect to the database. Common reasons are that the target database is offline or the console is unable to connect to the SSL port. To diagnose the problem, use the console to check the system status. If necessary, consult the Db2 logs.

    and SSL connection to DB is failing

    port 50001 is accessible everywhere

    Any help please?

    [jcc][t4][2030][11211][4.27.25] A communication error occurred during operations on the connection's underlying socket, socket input stream, or socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: Connection reset. ERRORCODE=-4499, SQLSTATE=08001 Connection reset Connection reset

    non-SSL is working correctly 



    ------------------------------
    Andrei Nevar
    ------------------------------


  • 2.  RE: Re-Generate SSL Certificates

    Posted Wed August 26, 2020 04:12 AM
    2020-08-26-08.10.54.898761+000 I1123647E489 LEVEL: Error PID : 13286 TID : 139799822329600 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 APPHDL : 0-1817 HOSTNAME: winter-frog-vs.icdc.io EDUID : 309 EDUNAME: db2agent () 0 FUNCTION: DB2 UDB, common communication, sqlccMapSSLErrorToDB2Error, probe:30 MESSAGE : DIA3604E The SSL function "gsk_secure_soc_init" failed with the return code "401" in "sqlccSSLSocketSetup". ​

    ------------------------------
    Andrei Nevar
    ------------------------------



  • 3.  RE: Re-Generate SSL Certificates

    Posted Wed August 26, 2020 04:15 AM


    ------------------------------
    Andrei Nevar
    ------------------------------



  • 4.  RE: Re-Generate SSL Certificates

    Posted Thu August 27, 2020 01:32 AM


    Manually update the expired certificate 

    https://supportcontent.ibm.com/support/pages/node/6262963

    Sent from my iPhone using HCL Verse





  • 5.  RE: Re-Generate SSL Certificates

    Posted Thu August 27, 2020 09:04 AM
    didn't helped

    ------------------------------
    Andrei Nevar
    ------------------------------



  • 6.  RE: Re-Generate SSL Certificates

    Posted Tue September 22, 2020 10:08 AM
    Hi Andre,
    Did you get this fixed?

    ------------------------------
    Leon Van Zyl
    ------------------------------



  • 7.  RE: Re-Generate SSL Certificates

    Posted Wed September 23, 2020 05:02 AM

    Hi
    I recommend this way: https://supportcontent.ibm.com/support/pages/node/6262963


    After creating PMR they give me link to new way of regenerating SSL but at this moment link broken
    https://www.ibm.com/support/knowledgecenter/SSCJDQ/com.ibm.swg.im.dashdb.doc/generating_ssl.html

    but if you using this approach you need additional steps on all clients


      



    ------------------------------
    Andrei Nevar
    ------------------------------



  • 8.  RE: Re-Generate SSL Certificates

    Posted Thu September 24, 2020 03:28 AM
    Hi, the link was changed to a technote, it now also includes the shell script

    https://www.ibm.com/support/pages/node/6334641

    ------------------------------
    Guido Verbraak
    ------------------------------