Enable and test encryption in IBM Db2

This section shows you how to enable and test encryption for this Db2 integration.

Import the certificate

Perform the following steps to import the signed client certificate:

1. Put the signed client certificate PEM file into the working folder you created (for example, C:\certs).
2. Rename the client certificate file to client.crt.
3. Run the following command to import the signed client certificate into the local keystore:

       "C:\Program Files\ibm\gsk8\bin\gsk8capicmd_64" -cert -receive -db C:\certs\clientkeydb.p12 -stashed -file C:\certs\client.crt

Create the configuration file

Perform the following steps to create the KMIP configuration file:

1. Open a text editor and create the kmip.cfg configuration file similar to the following template with your details:

       VERSION=1
       PRODUCT_NAME=OTHER
       ALLOW_KEY_INSERT_WITHOUT_KEYSTORE_BACKUP=TRUE
       SSL_KEYDB=C:\path\to\clientkeydb.p12
       SSL_KEYDB_STASH=C:\path\to\clientkeydb.sth
       SSL_KMIP_CLIENT_CERTIFICATE_LABEL=<label of client certificate>
       ALLOW_NONCRITICAL_BASIC_CONSTRAINT=FALSE
       MASTER_SERVER_HOST=<IP address of KMES Series 3>
       MASTER_SERVER_KMIP_PORT=<KMIP port>

   The following example shows a sample configuration file:

       VERSION=1
       PRODUCT_NAME=OTHER
       ALLOW_KEY_INSERT_WITHOUT_KEYSTORE_BACKUP=TRUE
       SSL_KEYDB=C:\certs\clientkeydb.p12
       SSL_KEYDB_STASH=C:\certs\clientkeydb.sth
       SSL_KMIP_CLIENT_CERTIFICATE_LABEL=ibmdb2
       ALLOW_NONCRITICAL_BASIC_CONSTRAINT=FALSE
       MASTER_SERVER_HOST=10.0.8.79
       MASTER_SERVER_KMIP_PORT=5696

2. Save the file to your working folder (such as C:\certs).

Configure Db2

Perform the following steps to configure Db2 to use the KMES Series 3:

1. Open the Db2 command line processor.
2. Run the following commands to point to the KMES Series 3 by using the configuration file:

       db2 => update dbm cfg using keystore_location C:\certs\kmip.cfg
       db2 => update dbm cfg using keystore_type kmip

3. Run the following commands to stop and start the database:

       db2 => db2stop
       db2 => db2start

Create an encrypted database

Perform the following steps to create an encrypted database and verify the integration:

1. In the IBM Db2 command line processor, run the following command to create an encrypted database, replacing fxencdb with your database name (no more than eight characters):

       db2 => create db fxencdb encrypt

   The master encryption key is generated on the KMES Series 3, and you see the following message after the process successfully completes:

       DB20000I  The CREATE DATABASE command completed successfully.

2. Verify that the database was encrypted successfully by executing the following command:

       db2 => get db cfg for fxencdb

   The Encrypted database configuration parameter should be set to YES in the command response.

3. Verify the creation of the key on the KMES Series 3 by navigating to Key Management > Keys. An HSM-protected key should have been generated for IBM Db2, similar to the following example:

       DB2_SYSGEN_db2_FXENCDB_2024-04-18-11.47.35_4A9769C4

For more information on configuring a KMIP key store with IBM Db2, consult the IBM documentation.
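A pre-flight check for the kmip.cfg file described above, written as an added example that is not part of the original page or of any IBM or vendor tooling. The function names are hypothetical, the set of required keywords is assumed from the page's template, and the check that the stash file sits beside the keystore assumes the layout of the page's example.

```python
import re
from pathlib import PureWindowsPath

# Keywords from the page's template; treating all as required is an assumption.
REQUIRED = ("VERSION", "PRODUCT_NAME", "SSL_KEYDB", "SSL_KEYDB_STASH", "MASTER_SERVER_HOST",
            "MASTER_SERVER_KMIP_PORT", "SSL_KMIP_CLIENT_CERTIFICATE_LABEL")

def parse_cfg(text):
    """Return (settings, problems); keywords are upper-cased, blank lines skipped."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, value = (p.strip() for p in line.partition("="))
        if not line.strip():
            continue
        if not (sep and key):
            problems.append(f"line {n}: not KEYWORD=VALUE")
        elif key.upper() in settings:
            problems.append(f"line {n}: duplicate {key.upper()}")
        else:
            settings[key.upper()] = value
    return settings, problems

def lint_kmip_cfg(text):
    """List problems worth fixing before update dbm cfg and db2stop/db2start."""
    cfg, problems = parse_cfg(text)
    problems += [f"{k}: missing or empty" for k in REQUIRED if not cfg.get(k)]
    problems += [f"{k}: placeholder left in" for k, v in cfg.items() if re.search(r"<.*>", v)]
    port = cfg.get("MASTER_SERVER_KMIP_PORT", "")
    if port and not (re.fullmatch(r"\d{1,5}", port) and 1 <= int(port) <= 65535):
        problems.append("MASTER_SERVER_KMIP_PORT: not a valid TCP port")
    # Assumption: the stash file sits beside the keystore with the same base
    # name, as in the page's example (clientkeydb.p12 / clientkeydb.sth).
    if cfg.get("SSL_KEYDB") and cfg.get("SSL_KEYDB_STASH"):
        db, sth = (PureWindowsPath(cfg[k]) for k in ("SSL_KEYDB", "SSL_KEYDB_STASH"))
        if (db.parent, db.stem.lower()) != (sth.parent, sth.stem.lower()):
            problems.append("SSL_KEYDB_STASH: not the stash file beside SSL_KEYDB")
    return problems

# Constructed sample: the values from the page's example configuration file.
SAMPLE = r"""VERSION=1
PRODUCT_NAME=OTHER
ALLOW_KEY_INSERT_WITHOUT_KEYSTORE_BACKUP=TRUE
SSL_KEYDB=C:\certs\clientkeydb.p12
SSL_KEYDB_STASH=C:\certs\clientkeydb.sth
SSL_KMIP_CLIENT_CERTIFICATE_LABEL=ibmdb2
ALLOW_NONCRITICAL_BASIC_CONSTRAINT=FALSE
MASTER_SERVER_HOST=10.0.8.79
MASTER_SERVER_KMIP_PORT=5696"""

if __name__ == "__main__":
    print(lint_kmip_cfg(SAMPLE) or "no problems found")
```

Running the check on the file before restarting the instance catches an unfilled template value or a mistyped keystore path while the database is still up.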