Steps for creating the object store and ICL DB2 tables

Perform the following steps to implement the object store and ICL using DB2® tables.

Before you begin

  • DB2 must be installed and running.
  • You need to know the name of the DB2 subsystem or the group attachment name for the object store and ICL.
  • You need to know the name you are using for the DB2 package. The default package name is MASTERCA.
  • You need to know the name of the PKI Services daemon.

About this task

You need to perform this task only if you are configuring PKI Services for the first time. If you have been using VSAM files for the object store and ICL and want to use DB2 tables instead, follow the steps in Converting the object store and ICL from VSAM to DB2.

Procedure

  1. Update the IKYCDB2 sample and run it to create the DB2 objects. This sample contains SQL statements that define the database, table space, tables, and indexes for the ICL and object store.
    1. Copy the sample from SYS1.SAMPLIB(IKYCDB2). (For a code sample of this file, see IKYCDB2.)
    2. As directed in the sample, if you have run the sample before, uncomment the statements in the first section so that the existing indexes, tables, table spaces, and database are dropped and committed.
    3. If you are using a package name other than the default name MASTERCA, change every occurrence of MASTERCA in the sample to the package name you have chosen.
    4. Run your updated copy of IKYCDB2. You can use the DB2 SPUFI facility to run it.

    ________________________________________________________________

  2. Update the sample job IKYSBIND and run it to build the PKI Services package.
    1. Copy the sample job from SYS1.SAMPLIB(IKYSBIND). (For a code sample of this file, see IKYSBIND.)
    2. If you are using a package name other than the default name MASTERCA, change every occurrence of MASTERCA in the sample job to the package name you have chosen.
    3. Run your updated copy of IKYSBIND.

    ________________________________________________________________

  3. Update the sample job IKYSGRNT and run it to grant execute privilege on the DB2 package for PKI Services to the PKI Services daemon user ID.
    1. If the PKI Services daemon has a name other than the default name of PKISRVD, change PKISRVD to the name of your PKI Services daemon. (The daemon name is determined by the daemon variable in IKYSETUP. For more information, see Running IKYSETUP to perform RACF administration.)
    2. Change MASTERCA to the package name that was used in the IKYSBIND job.
    3. Run your updated copy of IKYSGRNT.

    ________________________________________________________________

  4. Update the IKYSETUP REXX exec to indicate that you are using DB2 tables, so that IKYSETUP gives the PKI Services daemon the access it needs to the DB2 Resource Recovery Services Access Facility (RRSAF). Find the section "Question 6 - Use DB2 as the repository for the Issued Certificate List (ICL) and Object Store". Change the line:
    db2_repos = 0
    to:
    db2_repos = 1
    Update the line:
    db2_subsys = 'DSN9'
    and change 'DSN9' to the name of the DB2 subsystem or the group attachment name that provides the repository. Run the updated copy of IKYSETUP.

    ________________________________________________________________

  5. Update the configuration file, pkiserv.conf, to indicate that you are using DB2 tables.
    • In the ObjectStore section, uncomment the following line:
      # DBType=DB2
      and make sure that the following line is commented out or omitted:
      # DBType=VSAM
    • In the ObjectStore section, uncomment the following line:
      # DBPackage=MasterCA
      If you used a package name other than MasterCA in the IKYCDB2 and IKYSBIND samples, change MasterCA in this line to the package name you used.
    • In the ObjectStore section, uncomment the following line:
      # DBSubsystem=DSN9
      If you are using a DB2 subsystem or a group attachment with a name other than DSN9, change DSN9 in this line to the name of your DB2 subsystem or group attachment.
    • If the object store and ICL are shared in a sysplex with other instances of PKI Services, change the line:
      SharedPLEX=F
      to
      SharedPLEX=T
    • Restart PKI Services so that your changes take effect.

      ________________________________________________________________

Results

When you are done, you have created DB2 objects for the object store and ICL.
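
The following check is an added example, not part of the original procedure or of PKI Services: it reads the ObjectStore section of pkiserv.conf after step 5 and reports settings that disagree with the package and subsystem names used in steps 1 through 4. It assumes the section header is written as `[ObjectStore]` and that names compare without regard to case (the page uses both MASTERCA and MasterCA); the function names and the two sample files are constructed for illustration.

```python
# Constructed samples: an ObjectStore section after step 5, and one left unedited.
GOOD_CONF = """[ObjectStore]
DBType=DB2
# DBType=VSAM
DBPackage=MasterCA
DBSubsystem=DSN9
SharedPLEX=F
"""
BAD_CONF = """[ObjectStore]
# DBType=DB2
DBType=VSAM
# DBPackage=MasterCA
DBSubsystem=DSN9
SharedPLEX=F
"""

def object_store_settings(conf_text):
    """Return {key: [active values]} for the ObjectStore section; '#' lines are skipped."""
    settings, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):  # assumed section-header syntax
            in_section = line.strip("[] ").lower() == "objectstore"
        elif in_section and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            settings.setdefault(key.strip().lower(), []).append(value.strip())
    return settings

def check_db2_repository(conf_text, package="MASTERCA", subsystem="DSN9", shared=False):
    """Compare pkiserv.conf with the names used in steps 1-4; return a list of findings."""
    s = object_store_settings(conf_text)
    findings = []
    dbtypes = [v.upper() for v in s.get("dbtype", [])]
    if "VSAM" in dbtypes:
        findings.append("DBType=VSAM is still active; comment it out or remove it")
    if "DB2" not in dbtypes:
        findings.append("DBType=DB2 is not uncommented")
    for key, label, expected in (("dbpackage", "DBPackage", package), ("dbsubsystem", "DBSubsystem", subsystem)):
        values = s.get(key, [])
        if not values:
            findings.append(f"{label} is not uncommented")
        elif any(v.upper() != expected.upper() for v in values):
            findings.append(f"{label}={values[-1]} does not match {expected}")
    if shared and [v.upper() for v in s.get("sharedplex", [])] != ["T"]:
        findings.append("SharedPLEX must be T when the repository is shared in a sysplex")
    return findings

if __name__ == "__main__":
    print(check_db2_repository(BAD_CONF, shared=True))
```

Pass the package name bound by IKYSBIND and the subsystem name set in IKYSETUP as `package` and `subsystem` so that a mismatch between the jobs and the configuration file shows up before PKI Services is restarted.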