IBM Support

IT12010: SERVER-TO-SERVER SSL COMMUNICATION FAILS USING CA-SIGNED CERTIFICATES.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Description: Server-to-server SSL communication fails when
    using CA-signed certificates and when the "TSM Server
    SelfSigned SHA Key" label has been deleted from the key
    database. This error message will appear in the activity log:
    
    
    
    
    
    ANR8582E An SSL open-socket error occurred on session <###>.
      The GSKit return code is 575051
    
    
    
    
    Tivoli Storage Manager Versions Affected: 6.3, 7.1
    
    
    
    
    Initial Impact: Medium
    
    
    
    Additional Keywords: secure socket, TLS
    

Local fix

  • To work around this problem, delete the cert256.arm
    file and restart the Tivoli Storage Manager server. A new
    certificate and label will be created.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Tivoli Storage Manager server users.                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See error description.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is currently *
    * projected to be fixed in levels 6.3.6 and 7.1.5.  Note that  *
    * this is subject to change at the discretion of IBM.          *
    ****************************************************************
    

Problem conclusion

  • This problem was fixed.
    At startup, when SSL is being used, new message ARN3339I will
    display the
    default certificate label name as in the following example:
    
    ANR3339I Default Label in key data base is TSM Server SelfSigned
    SHA Key.
    Explanation:
    The default SSL label in the key data base is displayed.
    System Action:
    Server or storage agent operation continues.
    User Response:
    None.
    
    Affected platforms:  AIX, HP-UX, Solaris, and Linux
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT12010

  • Reported component name

    TSM SERVER

  • Reported component ID

    5698ISMSV

  • Reported release

    71A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-10-28

  • Closed date

    2015-12-01

  • Last modified date

    2016-04-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSM SERVER

  • Fixed component ID

    5698ISMSV

Applicable component levels

  • R63A PSY

       UP

  • R63H PSY

       UP

  • R63L PSY

       UP

  • R63S PSY

       UP

  • R63W PSY

       UP

  • R71A PSY

       UP

  • R71H PSY

       UP

  • R71L PSY

       UP

  • R71S PSY

       UP

  • R71W PSY

       UP



Document information

More support for: Tivoli Storage Manager

Software version: 7.1.3

Reference #: IT12010

Modified date: 26 April 2016