IBM Support

IT33974: CONFIGURE SECURE COMMUNICATION BETWEEN HUB AND OC USING CA CERTIFICATE

A fix is available

IBM Spectrum Protect Operations Center V8.1.11 Download

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as documentation error.

Error description

  • To configure secure communication between hub and Operations
Center, we documented steps  below:

https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.10/srv.in
stall/t_oc_inst_ssl_configure_ochub.html

Above steps only apply to users using "TSM Self-Signed
Certificate" . For users using CA signed certificate on Hub, use
the following steps:

1:  Copy the  Root and Intermediate certificate files from hub
to Operations Center.  These are the files used to configure
secure communication on Hub using CA certificate:
https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.10/srv.ad
min/t_ssl_srvcfg_srv.html

2: On Operations Center:
From the command line, change the directory to the keystore
location:
AIX/Linux:installation_dir/ui/Liberty/usr/servers/guiServer
Windows: installation_dir\ui\Liberty\usr\servers\guiServer
3: Copy the root certificate and intermediate certificate files
that you received from Hub to this location.
4: Stop the Operations Center web server
5: Make a backup copy of the Operations Center truststore:
gui-truststore.jks.
6a: Receiving the CA signed certificate by using ikeycmd:
ikeycmd_path/installation_dir/ui/jre/bin/ikeycmd -cert -add -db
gui-truststore.jks  -file intermediate_certificate_file
Enter password for the truststore when it prompts
Ikeycmd_path/installation_dir/ui/jre/bin/ikeycmd -cert -add -db
gui-truststore.jks  -file root_certificate_file
Enter password for the truststore when it prompts
note:
ikeycmd_path:
AIX/Linux: installation_dir/ui/jre/bin
Windows: installation_dir\ui\jre\bin
6b:  Receiving the CA signed certificate by using ikeyman:
   1)ikeyman_path/ikeyman

note: ikeyman_path:
AIX/Linux:installation_dir/ui/jre/bin
Windows: installation_dir\ui\jre\bin
     2)Click Key Database File > Open.
     3) In the Open dialog box, click Browse to open the
directory and select the gui-truststore.jks file. Click OK.
     4)In the Key database content area, select Signer
Certificates, and click Add.
     5)  In the Open dialog box, specify  the intermediate
certificate and click OK.
      6) repeat 4) and 5) and select root certificate and click
OK
7: start Operations Center

Platform/version affected:
IBM spectrum Protect operations Center on all supported
platforms
additional keywords:
 TS004100689 OC hub ssl

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All IBM Spectrum Protect server users.                       *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See error description.                                       *
****************************************************************
* RECOMMENDATION:                                              *
* Update documentation as needed.                              *
****************************************************************

    



Problem conclusion


    

  • Updates are required in the IBM Spectrum Protect documentation
that describes how to configure secure communications between a
hub server and the Operation Center by using CA-signed
certificates. The following updates are planned in the next
release of IBM Spectrum Protect:
A new topic "Between the Operations Center and hub server by
using CA-signed certificates" was created. This topic describes
the prerequisites and procedure for securing communications
between the Operations Center and the hub server for users of
CA-signed certificates. The topic will be added to the
"Configuring for secure communication" section of the
Installation guide in the IBM Knowledge Center.

The Single-site disk and Multi-site disk Solution guides will
also be updated to provide a link to the new topic. In these
guides, the "About this task" section of the Securing
communications between the Operations Center and the hub server"
will be updated with the following statement: "If you use
certificates that are signed by a certificate authority (CA),
see "Securing communications between the Operations Center and
the hub server by using CA-signed certificates".

Affected platforms for reported release:  AIX, Linux, and
Windows.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT33974
    • 

  • Reported component name
    TSM SERVER
    • 

  • Reported component ID
    5698ISMSV
    • 

  • Reported release
    81L
    • 

  • Status
    CLOSED  DOC
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-08-31
    • 

  • Closed date
    2020-11-17
    • 

  • Last modified date
    2020-11-17
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81L"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            27 August 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback