我正在尝试将 SSL 证书从 java 密钥库加载到 db2 dbm。
我做了以下步骤: 步骤 1:列出信任库中的证书
$ keytool -list -v -keystore db-truststore
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: caintermediate
Creation date: May 24, 2018
Entry type: trustedCertEntry
...
...
Alias name: carootcert
Creation date: May 24, 2018
Entry type: trustedCertEntry
步骤 2:将这些证书导出到文件
keytool -export -alias carootcert -keystore db-truststore -file rootcert.pem
Enter keystore password:
Certificate stored in file <rootcert.pem>
keytool -export -alias caintermediate -keystore db-truststore -file intermediatecert.pem
Enter keystore password:
Certificate stored in file <intermediatecert.pem>
第三步:创建密钥数据库:
gsk8capicmd_64 -keydb -create -db "dbclient.kdb" -pw "passw0rd" -stash
第 4 步:将证书文件添加到密钥数据库
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label carootcert -file rootcert.pem
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label caintermediate -file intermediatecert.pem
第 5 步:添加目录:
db2 => catalog TCPIP NODE phdbdev REMOTE bldbz173038.cloud.dst.ibm.com SERVER 60443 SECURITY SSL
DB20000I The CATALOG TCPIP NODE command completed successfully.
DB21056W Directory changes may not be effective until the directory cache is
refreshed.
db2 => catalog DATABASE phdbdev AT NODE phdbdev AUTHENTICATION SERVER
DB20000I The CATALOG DATABASE command completed successfully.
DB21056W Directory changes may not be effective until the directory cache is
refreshed.
第 6 步:更新 gdm
db2 update dbm cfg using SSL_CLNT_KEYDB /full-path/dbclient.kdb
SQL5133N The configuration parameter was not updated because the specified
value is not valid. Specified value: "0". Configuration parameter name:
"fcm_buffer_size".
按照建议进行进一步调查:
$ db2level
DB21085I This instance or install (instance name, where applicable: "vizeet")
uses "64" bits and DB2 code release "SQL11010" with level identifier
"0201010F".
Informational tokens are "DB2 v11.1.0.0", "s1606081100", "DYN1606081100AMD64",
and Fix Pack "0".
Product is installed at "/home/vizeet/sqllib".
$ db2 get dbm cfg | grep 'Node type'
Node type = Enterprise Server Edition with local and remote clients
$ db2 get dbm cfg | grep FCM
Number of FCM buffers (FCM_NUM_BUFFERS) = AUTOMATIC(4096)
FCM buffer size (FCM_BUFFER_SIZE) = 0
Number of FCM channels (FCM_NUM_CHANNELS) = AUTOMATIC(2048)
FCM parallelism (FCM_PARALLELISM) = AUTOMATIC(1)
db-truststore 与 db2 驱动程序一起正常工作。
无法解决此问题。请帮忙。