IBM® Global Security Kit (GSKit) supports Federal Information Processing Standards (FIPS140-2) and is also certified to provide SP800-131 compliant encryption. GKit is automatically installed by Tivoli® Storage FlashCopy® Manager for VMware.
Tivoli Storage FlashCopy Manager for VMware uses the security suite IBM Global Security Kit (GSKit), for Secure Socket Layer (SSL) and Transport Layer Security (TLS) TCP/IP connections. GSKit is certified to provide SP800-131 compliant encryption and uses the SSL protocol TLS V1.2. To enforce SP800-131 encryption during the configuration of Tivoli Storage FlashCopy Manager for VMware, the ENFORCE_TLS12 parameter must be set to YES, otherwise the SSL protocol TLS version 1.0 and 1.1 is enabled.
The KDB file contains a new key pair and a self-signed certificate.
The request database file is used to store certificate requests that are associated with the key database and is automatically created when Tivoli Storage FlashCopy Manager for VMware creates a key database file. This file is created with the same name as the key database file, but with a .rdb extension.
The password that is protecting the key database file is generated automatically and is stored in the encrypted stash file.
The file is used to export the public part of the self-signed certificate and import it to the backup and cloning servers. You must not delete this file unless you import a CA signed certificate to the key database fcmcert.kdb replacing the self-signed one.
The file contains a list of revoked certificates.
If you are using a CA signed certificate, you must use the GSKit command-line utilities to import the certificate to the server.