A fix is available
APAR status
Closed as documentation error.
Error description
To configure secure communication between hub and Operations Center, we documented steps below: https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.10/srv.in stall/t_oc_inst_ssl_configure_ochub.html Above steps only apply to users using "TSM Self-Signed Certificate" . For users using CA signed certificate on Hub, use the following steps: 1: Copy the Root and Intermediate certificate files from hub to Operations Center. These are the files used to configure secure communication on Hub using CA certificate: https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.10/srv.ad min/t_ssl_srvcfg_srv.html 2: On Operations Center: From the command line, change the directory to the keystore location: AIX/Linux:installation_dir/ui/Liberty/usr/servers/guiServer Windows: installation_dir\ui\Liberty\usr\servers\guiServer 3: Copy the root certificate and intermediate certificate files that you received from Hub to this location. 4: Stop the Operations Center web server 5: Make a backup copy of the Operations Center truststore: gui-truststore.jks. 6a: Receiving the CA signed certificate by using ikeycmd: ikeycmd_path/installation_dir/ui/jre/bin/ikeycmd -cert -add -db gui-truststore.jks -file intermediate_certificate_file Enter password for the truststore when it prompts Ikeycmd_path/installation_dir/ui/jre/bin/ikeycmd -cert -add -db gui-truststore.jks -file root_certificate_file Enter password for the truststore when it prompts note: ikeycmd_path: AIX/Linux: installation_dir/ui/jre/bin Windows: installation_dir\ui\jre\bin 6b: Receiving the CA signed certificate by using ikeyman: 1)ikeyman_path/ikeyman note: ikeyman_path: AIX/Linux:installation_dir/ui/jre/bin Windows: installation_dir\ui\jre\bin 2)Click Key Database File > Open. 3) In the Open dialog box, click Browse to open the directory and select the gui-truststore.jks file. Click OK. 4)In the Key database content area, select Signer Certificates, and click Add. 5) In the Open dialog box, specify the intermediate certificate and click OK. 6) repeat 4) and 5) and select root certificate and click OK 7: start Operations Center Platform/version affected: IBM spectrum Protect operations Center on all supported platforms additional keywords: TS004100689 OC hub ssl
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All IBM Spectrum Protect server users. * **************************************************************** * PROBLEM DESCRIPTION: * * See error description. * **************************************************************** * RECOMMENDATION: * * Update documentation as needed. * ****************************************************************
Problem conclusion
Updates are required in the IBM Spectrum Protect documentation that describes how to configure secure communications between a hub server and the Operation Center by using CA-signed certificates. The following updates are planned in the next release of IBM Spectrum Protect: A new topic "Between the Operations Center and hub server by using CA-signed certificates" was created. This topic describes the prerequisites and procedure for securing communications between the Operations Center and the hub server for users of CA-signed certificates. The topic will be added to the "Configuring for secure communication" section of the Installation guide in the IBM Knowledge Center. The Single-site disk and Multi-site disk Solution guides will also be updated to provide a link to the new topic. In these guides, the "About this task" section of the Securing communications between the Operations Center and the hub server" will be updated with the following statement: "If you use certificates that are signed by a certificate authority (CA), see "Securing communications between the Operations Center and the hub server by using CA-signed certificates". Affected platforms for reported release: AIX, Linux, and Windows.
Temporary fix
Comments
APAR Information
APAR number
IT33974
Reported component name
TSM SERVER
Reported component ID
5698ISMSV
Reported release
81L
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-08-31
Closed date
2020-11-17
Last modified date
2020-11-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81L"}]
Document Information
Modified date:
27 August 2021