Transport Layer Security (TLS) 1.2 is a Secure Sockets Layer (SSL) protocol that is available for use with Tivoli® Storage Manager V6.3. TLS 1.2 can be used only with version 6.3 clients. The SSLTLS12 option controls TLS 1.2 for Version 6.3 clients.
To use SSL with self-signed certificates, use the SSLTLS12 option
and distribute a new self-signed certificate to all V6.3 clients.
Parameters
- Yes
- Specifies that the server makes TLS 1.2 available for SSL sessions
from V6.3 Backup-Archive Clients.
- Set SSLTLS12 to Yes in the server options file.
- Change the default certificate in the server key database file.
For example,
gsk8capicmd_64 -cert -setdefault -db cert.kdb -pw password -label "TSM Server SelfSigned SHA Key" - Restart the server.
- Distribute the cert256.arm file to the V6.3 clients.
Tip: The cert256.arm file is generated by the V6.3 server for distribution to the V6.3 clients. The cert.arm file might also be generated by the V6.3 server, but is meant for distribution to earlier clients. To show the available certificates, issue the gsk8capicmd_64 -cert -list -db cert.kdb -pw password command. - No
- Specifies that the server uses TLS 1.1 for SSL sessions. No is the default.
Example: Make TLS 1.2 available for SSL sessions
SSLTLS12 yes