I am trying to load SSL certificates from a Java keystore into the db2 dbm.

I did the following steps:

Step 1: List the certificates in the truststore

$ keytool -list -v -keystore db-truststore
Enter keystore password:  
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: caintermediate
Creation date: May 24, 2018
Entry type: trustedCertEntry
...
...
Alias name: carootcert
Creation date: May 24, 2018
Entry type: trustedCertEntry

Step 2: Export these certificates to files

keytool -export -alias carootcert -keystore db-truststore -file rootcert.pem
Enter keystore password:  
Certificate stored in file <rootcert.pem>

keytool -export -alias caintermediate -keystore db-truststore -file intermediatecert.pem
Enter keystore password:  
Certificate stored in file <intermediatecert.pem>

Step 3: Create the key database:

gsk8capicmd_64 -keydb -create -db "dbclient.kdb" -pw "passw0rd" -stash

Step 4: Add the certificate files to the key database

gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label carootcert -file rootcert.pem
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label caintermediate -file intermediatecert.pem 

Step 5: Add the catalog entries:

db2 => catalog TCPIP NODE phdbdev  REMOTE  bldbz173038.cloud.dst.ibm.com  SERVER 60443  SECURITY SSL
DB20000I  The CATALOG TCPIP NODE command completed successfully.
DB21056W  Directory changes may not be effective until the directory cache is 
refreshed.
db2 => catalog DATABASE phdbdev  AT NODE phdbdev  AUTHENTICATION SERVER
DB20000I  The CATALOG DATABASE command completed successfully.
DB21056W  Directory changes may not be effective until the directory cache is 
refreshed.

Step 6: Update the dbm

db2 update dbm cfg using SSL_CLNT_KEYDB /full-path/dbclient.kdb 
SQL5133N  The configuration parameter was not updated because the specified 
value is not valid.  Specified value: "0".  Configuration parameter name: 
"fcm_buffer_size".

Further investigation, as suggested:

$ db2level
DB21085I  This instance or install (instance name, where applicable: "vizeet") 
uses "64" bits and DB2 code release "SQL11010" with level identifier 
"0201010F".
Informational tokens are "DB2 v11.1.0.0", "s1606081100", "DYN1606081100AMD64", 
and Fix Pack "0".
Product is installed at "/home/vizeet/sqllib".

$ db2 get dbm cfg | grep 'Node type'
     Node type = Enterprise Server Edition with local and remote clients

$ db2 get dbm cfg | grep FCM
 Number of FCM buffers                 (FCM_NUM_BUFFERS) = AUTOMATIC(4096)
 FCM buffer size                       (FCM_BUFFER_SIZE) = 0
 Number of FCM channels               (FCM_NUM_CHANNELS) = AUTOMATIC(2048)
 FCM parallelism                       (FCM_PARALLELISM) = AUTOMATIC(1)

The db-truststore works fine with the db2 driver.

I am unable to resolve this issue. Please help.
