Hi all, I'm configuring a TSM client to communicate with the server via SSL. The following have configured on the client:
Create DB Key
#gsk8capicmd_64 -keydb -create -populate -db dsmcert.kdb -pw eyre1205 -stash
Add Certifiqcate cert.arm
#gsk8capicmd_64 -cert -add -db dsmcert.kdb -stashed -label "TSM Server TSM-CBCO" -file /usr/local/ibm/gsk8_64/bin/cert.arm -format ascii
The dsm.opt file:
SErvername TSM-CBCO
NODENAME PEHTTPPRODCH01
TCPSERVERADDRESS 172.21.206.141
compression yes
TCPPort 3700
SSL Yes
PASSWORDACCESS generate
TCPBuffSize 64
COMMMethod TCPip
resourceutilization 5
changingretries 4
commrestartduration 120
commrestartinterval 15
SCHEDMODE prompted
schedlogretention 7
errorlogretention 7
schedlogname /tsmlogs/dsmsched.log
errorlogname /tsmlogs/dsmerror.log
And in the TSM Server is configured:
tsm: TSM-CBCO>q opt ssl*
Session established with server TSM-CBCO: Windows
Server Version 7, Release 1, Level 1.100
Server date/time: 03/10/2015 12:26:10 Last access: 03/09/2015 16:32:09
Server Option Option Setting
------------------------- -----------------------------------
SSLDisableLegacyTLS No
SSLTCPPort 3700
SSLTCPADMINPort 3800
SSLTLS12 No
SSLFIPSMODE No
When I want to achieve communication with the server with the command DSMC got the following error:
10/03/15 09:40:56 ANS1579E GSKit function gsk_get_last_validation_error failed with 575051: GSKVAL_ERROR_CA_MISSING_CRITICAL_BASIC_CONSTRAINT
10/03/15 09:40:56 ANS9020E Could not establish a session with a TSM server or client agent. The TSM return code is -370.
10/03/15 09:40:56 ANS1695E The certificate is not valid.
Before TSM Server version was 6.3.5 and the current version is 7.1.1
TSM Client version is 6.3.0 (Operating System Linux redhat 5.5, 64 bit).
NOTE: with version 6.3.5 of the TSM Server and TSM 6.3.0 Client communication via SSL was satisfactory.
It can be problem TSM Client version?
Thanks
Create DB Key
#gsk8capicmd_64 -keydb -create -populate -db dsmcert.kdb -pw eyre1205 -stash
Add Certifiqcate cert.arm
#gsk8capicmd_64 -cert -add -db dsmcert.kdb -stashed -label "TSM Server TSM-CBCO" -file /usr/local/ibm/gsk8_64/bin/cert.arm -format ascii
The dsm.opt file:
SErvername TSM-CBCO
NODENAME PEHTTPPRODCH01
TCPSERVERADDRESS 172.21.206.141
compression yes
TCPPort 3700
SSL Yes
PASSWORDACCESS generate
TCPBuffSize 64
COMMMethod TCPip
resourceutilization 5
changingretries 4
commrestartduration 120
commrestartinterval 15
SCHEDMODE prompted
schedlogretention 7
errorlogretention 7
schedlogname /tsmlogs/dsmsched.log
errorlogname /tsmlogs/dsmerror.log
And in the TSM Server is configured:
tsm: TSM-CBCO>q opt ssl*
Session established with server TSM-CBCO: Windows
Server Version 7, Release 1, Level 1.100
Server date/time: 03/10/2015 12:26:10 Last access: 03/09/2015 16:32:09
Server Option Option Setting
------------------------- -----------------------------------
SSLDisableLegacyTLS No
SSLTCPPort 3700
SSLTCPADMINPort 3800
SSLTLS12 No
SSLFIPSMODE No
When I want to achieve communication with the server with the command DSMC got the following error:
10/03/15 09:40:56 ANS1579E GSKit function gsk_get_last_validation_error failed with 575051: GSKVAL_ERROR_CA_MISSING_CRITICAL_BASIC_CONSTRAINT
10/03/15 09:40:56 ANS9020E Could not establish a session with a TSM server or client agent. The TSM return code is -370.
10/03/15 09:40:56 ANS1695E The certificate is not valid.
Before TSM Server version was 6.3.5 and the current version is 7.1.1
TSM Client version is 6.3.0 (Operating System Linux redhat 5.5, 64 bit).
NOTE: with version 6.3.5 of the TSM Server and TSM 6.3.0 Client communication via SSL was satisfactory.
It can be problem TSM Client version?
Thanks