ADSM-L

[ADSM-L] Howto add CA to the GSK key database?

2012-11-05 12:21:45
Subject: [ADSM-L] Howto add CA to the GSK key database?
From: "Arbogast, Warren K" <warbogas AT INDIANA DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 5 Nov 2012 17:10:38 +0000
We are planning to add support of SSL transmission of client backup files to 
the TSM server, which requires that an SSL certificate be added to the GSK key 
database.

However, Indiana University mandates that CA signed certificates, not 
self-signed, be used for sensitive data transmission. Further, the certificate 
must be obtained from a specified Certificate Service whose back-end vendor is 
Comodo. Comodo is not included in the GSKit list of trusted root certificates. 
(See TSM Server Admin Guide for Linux 6.3, page 457.)


How can another Trusted CA be added to the GSkit key database? My real question 
is 'can it be done'? Under another product heading, but within GSKit 
documentation I found the statement, "In order to use the GSKit option to set a 
certificate as a trusted root, the certificate must be self-signed."

Our TSM servers are on RHEL5, and are at TSM server version 6.3.2. The versions 
of GSK related programs are;
gsk7bas64-7.0-4.27
gskcrypt32-8.0-13.4
gskssl32-8.0-13.4
gskcrypt64-8.0-14.14
gskssl64-8.0-14.14


Thank you for any insight you can provide on this problem.

Keith Arbogast

Indiana University

<Prev in Thread] Current Thread [Next in Thread>