Configuring a storage agent to use SSL

To ensure that data is encrypted in transit between the storage agent and the server, and between the storage agent and the client, configure the storage agents to communicate by using the SSL protocol.

Before you begin

You must have the server's certificate and the port number that the server is using. For more information, see Configuring the server to accept SSL connections.

Procedure

  1. Initialize the storage agent and add communication information to the device configuration file and the storage agent options file dsmsta.opt by issuing the DSMSTA SETSTORAGESERVER command. You must specify the SSL=YES parameter to create the key database file in dsmsta.opt. All passwords are encrypted in dsmsta.opt.
    dsmsta setstorageserver myname=storage_agent_name mypa=sta_password myhla=ip_address servername=server_name serverpa=server_password hla=ip_address lla=ssl_port ssl=yes
  2. Create the key database certificate and default certificates by starting the storage agent.
  3. For the storage agent and the server, import the other's cert256.arm or CA-certificate files:
    gsk8capicmd_64 -cert -add -label ip_address -db cert.kdb -stashed -file cert256.arm
    Tip: Use the IP address as the label name.
  4. You can view the certificates in the key database by issuing the following command:
    gsk8capicmd_64 -cert -list -db cert.kdb -stashed
  5. Restart the storage agent and the server.
  6. Establish communication between the server and the storage agent by issuing the following command:
    define server sta hla=ip_address lla=port serverpa=password ssl=yes
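
Step 3 adds the peer's certificate to the key database as trusted, so the received file should be authenticated before it is imported. The following added example (not part of the original page or of the product's documentation) compares the SHA-256 fingerprint of a received cert256.arm with a value obtained out of band from the peer's administrator. It assumes that the .arm file is a Base64 (PEM) X.509 certificate and that openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: authenticate a received cert256.arm before importing it.
# Assumptions (not stated on the page): the .arm file is a Base64 (PEM)
# X.509 certificate, and openssl is available on the host.

# Print the SHA-256 fingerprint as uppercase hex without colons.
# Prints nothing if the file cannot be parsed as a certificate.
arm_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Normalize an operator-supplied fingerprint (colons, spaces, case).
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# verify_arm FILE EXPECTED_FINGERPRINT
# Returns 0 on match, 1 on mismatch, 2 if FILE is not a certificate,
# 3 if the certificate has already expired.
verify_arm() {
    file=$1
    expected=$(normalize_fp "$2")
    actual=$(arm_fingerprint "$file")
    if [ -z "$actual" ]; then
        echo "REJECT: $file is not a readable certificate" >&2
        return 2
    fi
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "REJECT: certificate in $file has expired" >&2
        return 3
    fi
    if [ "$actual" != "$expected" ]; then
        echo "REJECT: fingerprint mismatch, file has $actual" >&2
        return 1
    fi
    echo "OK: $file matches the expected fingerprint"
}
```

Run verify_arm cert256.arm with the fingerprint read on the originating host, and issue the gsk8capicmd_64 -cert -add command from step 3 only if it returns 0.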