I am trying to load SSL certificates from a Java keystore into the db2 dbm.
I did the following steps:
Step 1: List the certificates in the truststore:
$ keytool -list -v -keystore db-truststore
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: caintermediate
Creation date: May 24, 2018
Entry type: trustedCertEntry
...
...
Alias name: carootcert
Creation date: May 24, 2018
Entry type: trustedCertEntry
Step 2: Export these certificates to files:
keytool -export -alias carootcert -keystore db-truststore -file rootcert.pem
Enter keystore password:
Certificate stored in file <rootcert.pem>
keytool -export -alias caintermediate -keystore db-truststore -file intermediatecert.pem
Enter keystore password:
Certificate stored in file <intermediatecert.pem>
Step 3: Create the key database:
gsk8capicmd_64 -keydb -create -db "dbclient.kdb" -pw "passw0rd" -stash
Step 4: Add the certificate files to the key database:
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label carootcert -file rootcert.pem
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label caintermediate -file intermediatecert.pem
Step 5: Added the catalog entries:
db2 => catalog TCPIP NODE phdbdev REMOTE bldbz173038.cloud.dst.ibm.com SERVER 60443 SECURITY SSL
DB20000I The CATALOG TCPIP NODE command completed successfully.
DB21056W Directory changes may not be effective until the directory cache is
refreshed.
db2 => catalog DATABASE phdbdev AT NODE phdbdev AUTHENTICATION SERVER
DB20000I The CATALOG DATABASE command completed successfully.
DB21056W Directory changes may not be effective until the directory cache is
refreshed.
Step 6: Updated the dbm:
db2 update dbm cfg using SSL_CLNT_KEYDB /full-path/dbclient.kdb
SQL5133N The configuration parameter was not updated because the specified
value is not valid. Specified value: "0". Configuration parameter name:
"fcm_buffer_size".
Further investigation, as suggested:
$ db2level
DB21085I This instance or install (instance name, where applicable: "vizeet")
uses "64" bits and DB2 code release "SQL11010" with level identifier
"0201010F".
Informational tokens are "DB2 v11.1.0.0", "s1606081100", "DYN1606081100AMD64",
and Fix Pack "0".
Product is installed at "/home/vizeet/sqllib".
$ db2 get dbm cfg | grep 'Node type'
Node type = Enterprise Server Edition with local and remote clients
$ db2 get dbm cfg | grep FCM
Number of FCM buffers (FCM_NUM_BUFFERS) = AUTOMATIC(4096)
FCM buffer size (FCM_BUFFER_SIZE) = 0
Number of FCM channels (FCM_NUM_CHANNELS) = AUTOMATIC(2048)
FCM parallelism (FCM_PARALLELISM) = AUTOMATIC(1)
The db-truststore works fine with the db2 driver.
I am unable to resolve this issue. Please help.