Question & Answer
Question
How to setup SSL communication on Unix/Linux Backup Archive clients running legacy security settings below TLS 1.2.
Cause
Detailed step by step description for the setup of SSL communication on Unix/Linux Backup Archive clients.
Answer
Please follow the instructions below to setup SSL communication using cert.arm ( Pre TLS 1.2 version of SSL keys)
1. On Tivoli Storage Manager server >> To Enable SSL when configure Tivoli Storage Manager instance, add below two lines to dsmserv.opt and restart Tivoli Storage Manager server:
SSLTCPPort 1542
SSLTCPADMINPort 1543
2. On Tivoli Storage Manager client >> get cert.arm from Tivoli Storage Manager server's instance directory and rename it to cert_<Tivoli Storage Manager_server>.arm,
then run below commands in $DSM_DIR:
gsk8capicmd_64 -keydb -create -db dsmcert.kdb -pw <password> -stash -populate
gsk8capicmd_64 -cert -add -db dsmcert.kdb -pw <password> -label "Tivoli Storage Manager server SERVERNAME self-signed key" -file ./cert_SERVERNAME.arm -format ascii -trust enable
3. On Tivoli Storage Manager client >> confirm the Tivoli Storage Manager server's certificate has been added to client's trusted certificate store:
userlogin> gsk8capicmd_64 -cert -list all -db dsmcert.kdb -pw <password>
Certificates found
* default, - personal, ! trusted
! Tivoli Storage Manager server USER self-signed key
! Tivoli Storage Manager server SERVERNAME self-signed key
Tivoli Storage Manager server
userlogin>
Please run the same command from the Tivoli Storage Manager server's console.
4. On Tivoli Storage Manager client >> Add configuration in $DSM_DIR/dsm.sys:
SErvername SERVERNAME-ssl
COMMMethod TCPip
SSL YES
TCPPort 1542
TCPADMINPORT 1500
TCPServeraddress TCP/IP address of the migrated Tivoli Storage Manager server
5. On Tivoli Storage Manager server >> Try to establish client-server ssl connection using below command from the Tivoli Storage Manager server:
dsmadmc -se=SERVERNAME-ssl
Please replace the SERVERNAME with the actual Tivoli Storage Manager server name.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21968051