To ensure that data is encrypted for server-to-server communication, configure the servers to
communicate with each other by using the SSL protocol.
About this task
Tip: If both servers are using Tivoli® Storage Manager V7.1.8 software or IBM Spectrum Protect™ V8.1.2 or later software, SSL is automatically configured. Manual configuration is recommended but not required. If either the server or the storage agent is using Tivoli Storage Manager software earlier than V7.1.8 or IBM Spectrum Protect software earlier than V8.1.2, you must manually configure SSL.
In the procedure, the following server addresses are used as examples:
- ServerA (the server you are connecting to) is at bfa.tucson.example.com
- ServerB is at bfb.tucson.example.com
Procedure
- Create the server key database by starting the server. The server key database file,
cert.kdb, is stored in the server instance directory.
- For each server, import the other server's cert256.arm or CA-certificate files:
  gsk8capicmd_64 -cert -add -label server_ip_address -db cert.kdb -stashed -file cert256.arm
  Tip: Use the IP address of the server as the label name.
- From each server, you can view the certificates in the key database by issuing the following command:
  gsk8capicmd_64 -cert -list -db cert.kdb -stashed
- Restart the servers.
- Issue the DEFINE SERVER command.
  - For ServerA, issue the following command:
    DEFINE SERVER BFB hla=bfb.tucson.example.com lla=1542 serverpa=passwordforbfb SSL=YES
  - For ServerB, issue the following command:
    DEFINE SERVER BFA hla=bfa.tucson.example.com lla=1542 serverpa=passwordforbfa SSL=YES
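
A check that can precede the import step, as an added example that is not part of the IBM documentation: it compares the SHA-256 fingerprint of the received cert256.arm with a value obtained out of band from the other server's administrator, and runs the import command from the procedure only on a match. It assumes the .arm file is Base64 (PEM) armored and that base64 and sha256sum are available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM code. Assumes cert256.arm is Base64 (PEM) armored and
# that coreutils base64 and sha256sum are on PATH. Function names are hypothetical.

# Print the SHA-256 fingerprint (lowercase hex) of the DER bytes in an .arm file.
arm_sha256() {
    [ -r "$1" ] || return 2
    sed -e '/^-----/d' "$1" | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Normalize a fingerprint as pasted by an operator: drop colons and spaces, lowercase.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Return 0 only if the file's fingerprint equals the out-of-band value.
# A value that is not a full 64-hex-digit SHA-256 is rejected (status 2).
arm_matches() {
    actual=$(arm_sha256 "$1") || return 2
    expected=$(norm_fp "$2")
    [ "${#expected}" -eq 64 ] || return 2
    [ "$actual" = "$expected" ]
}

# Import the peer certificate only after the fingerprint check passes.
# Arguments: <arm file> <expected fingerprint> <label: the peer server's IP address>
import_verified() {
    if arm_matches "$1" "$2"; then
        gsk8capicmd_64 -cert -add -label "$3" -db cert.kdb -stashed -file "$1"
    else
        echo "fingerprint mismatch for $1: certificate not imported" >&2
        return 1
    fi
}

# Write a constructed sample (not a real certificate) for trying the functions offline.
make_sample_arm() {
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' \
        "$(printf 'constructed-not-a-real-cert' | base64)" \
        '-----END CERTIFICATE-----' > "$1"
}
```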