Optimize security by using certificates with SHA256 signatures

If a server has an MD5-signed certificate that is labeled "TSM Server SelfSigned Key" set as the default when you upgrade to IBM Spectrum Protect™ Version 8.1.4, the default certificate is automatically updated to use a certificate with a Secure Hash Algorithm (SHA) signature.

In releases prior to V7.1.8, the default certificate was labeled "TSM Server SelfSigned Key" and had an MD5 signature, which does not support the Transport Layer Security (TLS) 1.2 protocol that is required by default for V8.1.2 or later clients and the Operations Center. Beginning with V8.1.4, servers that use the MD5-signed certificate as the default are automatically updated to use a default certificate with a SHA signature that is labeled "TSM Server SelfSigned SHA Key". A copy of the certificate is stored in the cert256.arm file, which is located in the server instance directory.

For the latest information about V8.1.4 security updates, see technote 2004844.

Related concepts:
SSL and TLS communication
Related tasks:
Configuring storage agents, servers, clients, and the Operations Center to connect to the server by using SSL