To ensure that data is encrypted for communication between the storage agent and the
server and the storage agent and the client, configure the storage agents to communicate by using
the SSL protocol.
Procedure
-
Initialize the storage agent and add communication information to the device configuration file
and the storage agent options file dsmsta.opt by issuing the DSMSTA
SETSTORAGESERVER command. You must specify the SSL=YES parameter to
create the key database file in dsmsta.opt. All passwords are encrypted in
dsmsta.opt.
dsmsta setstorageserver myname=storage_agent_name mypa=sta_password
myhla=ip_address servername=server_name serverpa=server_password hla=ip_address lla=ssl_port ssl=yes
-
Create the key database certificate and default certificates by starting the storage
agent.
-
For the storage agent and the server, import the other's cert256.arm or
CA-certificate files:
gsk8capicmd_64 -cert -add -label ip_address -db cert.kdb -stashed
-file cert256.arm
Tip: Use the IP address as the label name.
-
You can view the certificates in the key database by issuing the following command:
gsk8capicmd_64 -cert -list -db cert.kdb -stashed
-
Restart the storage agent and the server.
-
Establish communication between the server and the storage agent by issuing the following
command:
define server sta hla=ip_address lla=port serverpa=password ssl=yes