We are implementing a more secure layer for databases and bringing it to TLS 1.2. Also, I have received our new DB2 certificates file, which we may need to align with the keystore.
Note: we are using older DB2 releases:
Release : 4.9
Component : TDM Web Portal
The supported releases of DB2 for TDM 4.9.1 are as follows:
This might work with the older DB2 releases, but Broadcom cannot guarantee your results, since the DB2 releases you are using are not supported.
----------------------------------------------------------------------------------------------
To create a DB2 connection profile in TDM Portal that uses a secured SSL connection, you would need to do the following:
The embedded Java JRE allows only TLS 1.2 connections by default; all other protocols are disabled. If you need to enable an older protocol, for instance TLS 1.1, then you will need to do the following:
This also applies to FDM. You can follow similar steps to configure an FDM connection to use SSL when connecting to DB2. If you enable TLS 1.1 for the Portal, you will also want to do the same for the embedded JRE used by FDM. See KB https://knowledge.broadcom.com/external/article?articleId=222429
----------------------------------------------------------------------------------------------
If your security team provided you with a TrustStore file, then all you need to know is the password for the file. You can place this file anywhere you wish on the Portal server, as long as the account running the CA Test Data Manager Portal service has read access to the file.
You would then specify the full path to the file, and the password required for accessing the file in the Additional parameters in the Connection Profile configuration.
If you were only given the certificate file, then you can use the Java Keytool command-line utility to generate a TrustStore file and import the certificate into the TrustStore.
Where:
For example:
keytool -import -file "C:/Users/brad/Downloads/new_ca_cert.ce" -alias DB2ServerName -keystore "C:/Program Files/CA/CA Test Data Manager Portal\conf\.truststore" -storetype PKCS12 -storepass CAdemo1234!
If you create the TrustStore file with a password, record the password you set, in case you need to import additional certificates in the future. If you have more than one certificate to import, you will need to run the import command once for each certificate, changing the -file and -alias values each time.
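The per-certificate import described above can be scripted. The following PowerShell is an added example, not part of the original article or of the product. It prints each certificate for review, imports it under its own alias, and lists the resulting TrustStore. The certificate folder, the alias naming scheme and the TS_PASS variable name are assumptions, and keytool is assumed to be on the PATH. The password is passed through keytool's -storepass:env option so that it does not appear on the command line.

```powershell
# Added example: import every CA certificate in a folder into one PKCS12 TrustStore.
$CertDir    = 'C:\certs\db2'   # assumed folder holding the certificate files
$TrustStore = 'C:\Program Files\CA\CA Test Data Manager Portal\conf\.truststore'
$Keytool    = 'keytool'        # assumes keytool is on PATH; otherwise give its full path

# Read the password without echoing it, then hand it to keytool through an
# environment variable so it stays out of the process command line and shell history.
$secure = Read-Host -AsSecureString 'TrustStore password'
$env:TS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    $certs = Get-ChildItem -Path $CertDir -File |
        Where-Object { $_.Extension -in '.cer', '.crt', '.pem' }
    if (-not $certs) { throw "No certificate files found in $CertDir" }

    foreach ($cert in $certs) {
        # One unique alias per certificate, derived from the file name (assumed scheme).
        $alias = $cert.BaseName.ToLower()

        # Print subject, issuer, validity and fingerprints so they can be compared
        # with what the security team supplied before the certificate is trusted.
        & $Keytool -printcert -file $cert.FullName
        if ($LASTEXITCODE -ne 0) { throw "Not a readable certificate: $($cert.FullName)" }

        # -noprompt skips keytool's interactive "Trust this certificate?" question,
        # which is why the certificate is printed for review just above.
        & $Keytool -importcert -noprompt -file $cert.FullName -alias $alias `
            -keystore $TrustStore -storetype PKCS12 '-storepass:env' TS_PASS
        if ($LASTEXITCODE -ne 0) { throw "Import failed for alias '$alias'" }
    }

    # Confirm which aliases the TrustStore now contains.
    & $Keytool -list -keystore $TrustStore -storetype PKCS12 '-storepass:env' TS_PASS
}
finally {
    # Remove the password from the environment whether or not the import succeeded.
    Remove-Item Env:TS_PASS -ErrorAction SilentlyContinue
}
```

keytool refuses to import under an alias that already exists in the TrustStore, so a rerun stops at the first certificate that was imported earlier.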