To ensure that data is encrypted for server-to-server communication, configure the servers to
communicate with each other by using the SSL protocol.
About this task
Tip: If both servers are using IBM Spectrum Protect™ V8.1.2 or later software, SSL is automatically configured. Manual configuration is recommended but not required. If either the server or the storage agent is using IBM Spectrum Protect software earlier than V8.1.2, you must manually configure SSL.
In the procedure, the following server addresses are used as examples:
- ServerA (the server you are connecting to) is at bfa.tucson.example.com
- ServerB is at bfb.tucson.example.com
Procedure
- Create the server key database by starting the server. The server key database file,
cert.kdb, is stored in the server instance directory.
- For each server, import the other server's cert256.arm or CA-certificate files:
  gsk8capicmd_64 -cert -add -label server_ip_address -db cert.kdb -stashed -file cert256.arm
  Tip: Use the IP address of the server as the label name.
- From each server, you can view the certificates in the key database by issuing the following command:
  gsk8capicmd_64 -cert -list -db cert.kdb -stashed
- Restart the servers.
- Issue the DEFINE SERVER command.
  - For ServerA, issue the following command:
    DEFINE SERVER BFB hla=bfb.tucson.example.com lla=1542 serverpa=passwordforbfb SSL=YES
  - For ServerB, issue the following command:
    DEFINE SERVER BFA hla=bfa.tucson.example.com lla=1542 serverpa=passwordforbfa SSL=YES
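
Importing the other server's cert256.arm makes the key database trust that certificate, so it is worth confirming that the copied file is the one the other server exported before running the import step. The following script is an added example, not part of the IBM procedure: it assumes cert256.arm holds a single Base64-armored (PEM-style) certificate and that GNU base64 and sha256sum are available; the function names are hypothetical. Run arm_fingerprint on the exporting server, pass the value to the other administrator over a separate channel, and check it on the importing server.

```shell
#!/bin/sh
# Added example: fingerprint a Base64-armored certificate file such as
# cert256.arm and compare it with a value obtained out of band before import.
# Assumptions: one certificate per file, GNU coreutils (base64 -d, sha256sum).

# Print the SHA-256 (lowercase hex) of the decoded certificate bytes.
# Returns 2 if the file is unreadable, 3 if no valid armored body is found.
arm_fingerprint() {
    [ -r "$1" ] || return 2
    body=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1" \
        | grep -v '^-----' | tr -d ' \t\r\n')
    [ -n "$body" ] || return 3
    # Reject a body that is not valid Base64 instead of hashing partial output.
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 3
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# usage: check_before_import FILE EXPECTED_FINGERPRINT LABEL
# Colons, spaces and letter case in the expected fingerprint are ignored.
# On a match, print the import command from the procedure; otherwise fail.
check_before_import() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    got=$(arm_fingerprint "$1") || {
        echo "cannot read a certificate from $1" >&2
        return 1
    }
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $1: do not import" >&2
        return 1
    fi
    echo "gsk8capicmd_64 -cert -add -label $3 -db cert.kdb -stashed -file $1"
}

# When called with three arguments, run the check directly.
if [ "$#" -eq 3 ]; then
    check_before_import "$1" "$2" "$3"
fi
```

The script prints the import command only when the fingerprints match; it does not modify cert.kdb itself.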