Perform the following steps to implement the object store and ICL using DB2® tables.
Before you begin
- DB2 must be installed and running.
- You need to know the name of the DB2 subsystem or the group attachment name for the object store and ICL.
- You need to know the name you are using for the DB2 package. The default package name is MASTERCA.
- You need to know the name of the PKI Services daemon.
About this task
You need to perform this task only if you are configuring PKI Services for the first time. If you have been using VSAM files for the object store and ICL and want to use DB2 tables instead, follow the steps in Converting the object store and ICL from VSAM to DB2.
Procedure
- Update the IKYCDB2 sample and run it to create the DB2 objects. This sample contains SQL statements that define the database, table space, tables, and indexes for the ICL and object store.
  - Copy the sample from SYS1.SAMPLIB(IKYCDB2). (For a code sample of this file, see IKYCDB2.)
  - As directed in the sample, if you have run the sample before, uncomment the statements in the first section so that the existing indexes, tables, table spaces, and database are dropped and committed.
  - If you are using a package name other than the default name MASTERCA, change every occurrence of MASTERCA in the sample to the package name you have chosen.
  - Run your updated copy of IKYCDB2. You can use the DB2 SPUFI facility to run it.
- Update the sample job IKYSBIND and run it to build the PKI Services package.
  - Copy the sample job from SYS1.SAMPLIB(IKYSBIND). (For a code sample of this file, see IKYSBIND.)
  - If you are using a package name other than the default name MASTERCA, change every occurrence of MASTERCA in the sample job to the package name you have chosen.
  - Run your updated copy of IKYSBIND.
- Update the sample job IKYSGRNT and run it to grant execute privilege on the DB2 package for PKI Services to the PKI Services daemon user ID.
  - If the PKI Services daemon has a name other than the default name of PKISRVD, change PKISRVD to the name of your PKI Services daemon. (The daemon name is determined by the daemon variable in IKYSETUP. For more information, see Running IKYSETUP to perform RACF administration.)
  - Change MASTERCA to the package name that was used in the IKYSBIND job.
  - Run your updated copy of IKYSGRNT.
- Update the IKYSETUP REXX exec to indicate that you are using DB2 tables, so that IKYSETUP gives the PKI Services daemon the access it needs to the DB2 Resource Recovery Services Access Facility (RRSAF). Find the section "Question 6 - Use DB2 as the repository for the Issued Certificate List (ICL) and Object Store". Change the line:
      db2_repos = 0
  to:
      db2_repos = 1
  Update the line:
      db2_subsys = 'DSN9'
  and change 'DSN9' to the name of the DB2 subsystem or the group attachment name that provides the repository. Run the updated copy of IKYSETUP.
- Update the configuration file, pkiserv.conf, to indicate that you are using DB2 tables.
Results
When you are done, you have created DB2 objects for the object store and ICL.