IBM Support

Steps to configure SSL communication for clients with pre-TLS 1.2 settings

Question & Answer


Question

How do I set up SSL communication on Unix/Linux Backup Archive clients running legacy security settings below TLS 1.2?

Cause

Detailed step-by-step description of the setup of SSL communication on Unix/Linux Backup Archive clients.

Answer

Follow the instructions below to set up SSL communication using cert.arm (the pre-TLS 1.2 version of the SSL keys).


1. On the Tivoli Storage Manager server: to enable SSL when configuring the Tivoli Storage Manager instance, add the following two lines to dsmserv.opt and restart the Tivoli Storage Manager server:
SSLTCPPort 1542
SSLTCPADMINPort 1543


2. On the Tivoli Storage Manager client: get cert.arm from the Tivoli Storage Manager server's instance directory and rename it to cert_<Tivoli Storage Manager_server>.arm, then run the following commands in $DSM_DIR:

gsk8capicmd_64 -keydb -create -db dsmcert.kdb -pw <password> -stash -populate

gsk8capicmd_64 -cert -add -db dsmcert.kdb -pw <password> -label "Tivoli Storage Manager server SERVERNAME self-signed key" -file ./cert_SERVERNAME.arm -format ascii -trust enable

3. On the Tivoli Storage Manager client: confirm that the Tivoli Storage Manager server's certificate has been added to the client's trusted certificate store:

userlogin> gsk8capicmd_64 -cert -list all -db dsmcert.kdb -pw <password>

Certificates found

* default, - personal, ! trusted
! Tivoli Storage Manager server USER self-signed key
! Tivoli Storage Manager server SERVERNAME self-signed key
Tivoli Storage Manager server

userlogin>

Please run the same command from the Tivoli Storage Manager server's console.

4. On the Tivoli Storage Manager client: add the following configuration to $DSM_DIR/dsm.sys:

SErvername SERVERNAME-ssl
COMMMethod TCPip
SSL YES
TCPPort 1542
TCPADMINPORT 1500
TCPServeraddress <TCP/IP address of the migrated Tivoli Storage Manager server>

5. On the Tivoli Storage Manager server: try to establish a client-server SSL connection by running the following command from the Tivoli Storage Manager server:

dsmadmc -se=SERVERNAME-ssl


Replace SERVERNAME with the actual Tivoli Storage Manager server name.
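
As an added example (not part of the IBM technote and not IBM code), the following script checks that a dsm.sys stanza from step 4 sets SSL YES and uses a TCPPort equal to the SSLTCPPort configured in dsmserv.opt in step 1, so a stanza that would connect without SSL is caught before use. The function names and sample files are constructed for illustration, and the script assumes option names are written in full, as they are on this page.

```shell
# Added example, not IBM code. Assumes option names are spelled out in full.

# Print the SSLTCPPort value from a dsmserv.opt-style file.
ssl_port_of() {
    awk 'tolower($1) == "ssltcpport" { print $2; exit }' "$1"
}

# check_stanza DSM_SYS STANZA DSMSERV_OPT
# Returns 0 only if the stanza exists, sets SSL YES, and its TCPPort
# equals the server's SSLTCPPort; otherwise prints the reason.
check_stanza() {
    want=$(ssl_port_of "$3")
    [ -n "$want" ] || { echo "no SSLTCPPort in $3"; return 2; }
    awk -v stanza="$2" -v want="$want" '
        { key = tolower($1) }
        key == "servername" { in_st = ($2 == stanza); if (in_st) found = 1; next }
        in_st && key == "ssl"     { ssl = toupper($2) }
        in_st && key == "tcpport" { port = $2 }
        END {
            if (!found)       { print "stanza not found: " stanza; exit 3 }
            if (ssl != "YES") { print stanza ": SSL is not YES"; exit 4 }
            if (port != want) { print stanza ": TCPPort " port " != SSLTCPPort " want; exit 5 }
            print "ok: " stanza " uses SSL on port " port
        }' "$1"
}

# Constructed sample files (SERVERNAME is the page's placeholder).
make_samples() {
    cat > "$1/dsmserv.opt" <<'EOF'
SSLTCPPort 1542
SSLTCPADMINPort 1543
EOF
    cat > "$1/dsm.sys" <<'EOF'
SErvername SERVERNAME-plain
COMMMethod TCPip
TCPPort 1500
SErvername SERVERNAME-ssl
COMMMethod TCPip
SSL YES
TCPPort 1542
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_stanza "$tmp/dsm.sys" SERVERNAME-ssl   "$tmp/dsmserv.opt"
check_stanza "$tmp/dsm.sys" SERVERNAME-plain "$tmp/dsmserv.opt" || true
rm -rf "$tmp"
```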


Document Information

Modified date:
17 June 2018

UID

swg21968051