IT12010: SERVER-TO-SERVER SSL COMMUNICATION FAILS USING CA-SIGNED CERTIFICATES.

APAR status

Closed as program error.

Error description

Error Description: Server-to-server SSL communication fails when
using CA-signed certificates and when the "TSM Server
SelfSigned SHA Key" label has been deleted from the key
database. This error message will appear in the activity log:





ANR8582E An SSL open-socket error occurred on session <###>.
  The GSKit return code is 575051




Tivoli Storage Manager Versions Affected: 6.3, 7.1




Initial Impact: Medium



Additional Keywords: secure socket, TLS

Local fix

To work around this problem, delete the cert256.arm
file and restart the Tivoli Storage Manager server. A new
certificate and label will be created.

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
* All Tivoli Storage Manager server users.                     *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See error description.                                       *
****************************************************************
* RECOMMENDATION:                                              *
* Apply fixing level when available. This problem is currently *
* projected to be fixed in levels 6.3.6 and 7.1.5.  Note that  *
* this is subject to change at the discretion of IBM.          *
****************************************************************

Problem conclusion

This problem was fixed.
At startup, when SSL is being used, new message ARN3339I will
display the
default certificate label name as in the following example:

ANR3339I Default Label in key data base is TSM Server SelfSigned
SHA Key.
Explanation:
The default SSL label in the key data base is displayed.
System Action:
Server or storage agent operation continues.
User Response:
None.

Affected platforms:  AIX, HP-UX, Solaris, and Linux

Temporary fix

Comments

APAR Information

APAR number
IT12010
Reported component name
TSM SERVER
Reported component ID
5698ISMSV
Reported release
71A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-10-28
Closed date
2015-12-01
Last modified date
2016-04-26

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
TSM SERVER
Fixed component ID
5698ISMSV

Applicable component levels

[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.3"}]

Document Information

Modified date:
28 August 2023

Tips

IT12010: SERVER-TO-SERVER SSL COMMUNICATION FAILS USING CA-SIGNED CERTIFICATES.

Direct links to fixes

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

Document Information

Share your feedback

Need support?