Configuring storage agents, servers, clients, and the Operations Center to connect to the server by using SSL

Configure Secure Sockets Layer (SSL) on the IBM® Storage Protect server, backup-archive client, storage agent, and the Operations Center to ensure that data is encrypted during communication.

You can use a self-signed SSL certificate or a signed certificate from a third-party certificate authority (CA) to verify an SSL communication request between the server, client, and storage agent. Each IBM Storage Protect server, client, or storage agent that enables SSL must use a trusted self-signed certificate or obtain a unique certificate that is signed by a CA.

If you use a self-signed certificate, the certificate is automatically created for each server and storage agent. If you use a CA-signed certificate, the root and intermediate certificates must be installed on each key database for the client, server, and storage agent that initiates SSL communication. The certificate is verified by the SSL client or server that requests or initiates the SSL communication. The benefit of CA-signed certificates is that a single CA-signed certificate can be used for multiple servers, and you can change the server certificates without needing to redistribute them to clients.

Restriction: Some CAs use certificates in a format that is not recognized by IBM Storage Protect. You might have to contact your CA to convert the certificate to a format that you can use with IBM Storage Protect.
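The CA-signed case described above, shown as an added example (not IBM code or an IBM procedure): a trust bundle that lacks the intermediate certificate rejects the server certificate, while a bundle holding root and intermediate accepts both the original and a replacement server certificate without being changed. Assumptions: a plain PEM bundle checked with `openssl` stands in for the product's key database, and every name (`demo-root`, `demo-intermediate`, `sp-server.example`) is constructed.

```shell
#!/bin/sh
# Constructed demo PKI: demo-root -> demo-intermediate -> server certificates.
# A PEM bundle stands in for a key database (assumption, illustration only).

new_csr() {  # $1=dir  $2=file prefix  $3=common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_ca_chain() {  # $1=dir; creates root.pem (self-signed) and int.pem
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' \
    > "$1/ca.ext"
  new_csr "$1" root demo-root
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 30 \
    -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
  new_csr "$1" int demo-intermediate
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 30 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
}

issue_server_cert() {  # $1=dir  $2=file prefix; signed by the intermediate CA
  new_csr "$1" "$2" sp-server.example
  openssl x509 -req -in "$1/$2.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
}

# Exit status 0 only if the certificate chains to a CA in the trust bundle.
is_trusted() {  # $1=trust bundle (PEM)  $2=certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  demo_dir=$(mktemp -d)
  make_ca_chain "$demo_dir"
  issue_server_cert "$demo_dir" server-old
  cat "$demo_dir/root.pem" "$demo_dir/int.pem" > "$demo_dir/trust.pem"
  is_trusted "$demo_dir/root.pem" "$demo_dir/server-old.pem" \
    || echo "root only: rejected (intermediate missing)"
  is_trusted "$demo_dir/trust.pem" "$demo_dir/server-old.pem" \
    && echo "root + intermediate: accepted"
  issue_server_cert "$demo_dir" server-new   # server certificate replaced
  is_trusted "$demo_dir/trust.pem" "$demo_dir/server-new.pem" \
    && echo "replacement certificate: accepted, trust bundle unchanged"
  rm -rf "$demo_dir"
}
demo
```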