TSM self-signed certificate problem?

[justmaxis]

The Nessus scan the weakness from TSM self-signed certificate
If I don't use OC , can I delete the TSM self-signed certificate?
How to delete TSM self-signed certificate?
after delete TSM self-signed certificate, dsmadmc still use?

 

[Trident]

Hi,

The webserver for OC uses a different certificate than IBM SP.

For IBM SP, you can find the certificate like this (the one with a star is the one in use):

bash-5.0# gsk8capicmd_64 -cert -list -db cert.kdb -stashed
Certificates found
* default, - personal, ! trusted, # secret key
!       "Root CA"
!       "Sub CA"
!       ::0
!       tsmXX.some.domain:1500:0
-       "TSM Server SelfSigned SHA Key"
*-      host.domain.com

I guess (not sure) that IBM SP will create a self signed cert if it does not exist.

For OC, you can use a signed certificate

Configuring the Operations Center for SSL communication between the Operations Center and the hub server

Rgds,

 

[justmaxis]

Thanks for reply
But My site don't use OC

I use the command
C:\Program Files\Tivoli\TSM\SERVER2>gsk8capicmd_64 -cert -getdefault -db cert.kdb -stashed
[NOTE: This command is deprecated]

Label: TSM Server SelfSigned SHA Key
Key Size: 2048
Version: X509 V3
Serial : 099238e09aa0b9b6
Issuer: "CN=TSM Self-Signed Certificate,OU=TSM Network,O=TSM,C=US"
Subject: "CN=TSM Self-Signed Certificate,OU=TSM Network,O=TSM,C=US"
Not Before : 2021年8月15日 下午11時24分33秒 GMT+08:00

Not After: 2031年8月14日 下午11時24分33秒 GMT+08:00

Fingerprint:
2ced30f2a1d0b14a31e81af631465ae0
a81bb330


SO, if I delete TSM Server SelfSigned SHA Key
Is dsmadmc still work?

 

[Trident]

For version 8.1.2 and higher you need a certificate. Either a self signed, or a signed one.

Rgds,