Thanks.

TSM support also came up with this one as we logged the PMR. But
unfortunately, it does not apply to us, as we didn't delete the 'TSM
Server SelfSigned SHA key' from the certificate database.

   Bjoern


> I just noticed that apar IT12010: SERVER-TO-SERVER SSL COMMUNICATION FAILS 
> USING CA-SIGNED CERTIFICATES is fixed in TSM server 7.1.5.0.
> 
> David
> 
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf 
> Of Bjoern Rackoll
> Sent: Tuesday, March 22, 2016 10:10 AM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] SSL 256 on Server version 7.1.4.100
> 
> Hi Markus,
> 
>> has anyone been able to use ssl with the cert256.arm? The ssl connection
>> using cert.arm runs fine, but we would like to move on to the cert256.arm.
>> We tried it on a Solaris10 server with ISP 7.1.4.100 and on a Windows 2012
>> Server with ISP 7.1.4.0, but have not been able to connect the admin
>> interface. TSM admin client was 7.1.1.3 and  7.1.4. Anyone know  any tweaks
>> and tricks to get it working?
> 
> in our test environment (server and client 7.1.4, OC and hub server
> Windows 2012 R2, spoke server AIX) the SSL connection using TSM server
> self-signed SHA certificates (cert256.arm) works just fine. We got it
> running without any problems, just by following the admin guide.
> 
> The problems came when we tried to add a spoke server running server
> version 6.3.4.300 with a CA issued certificate to our other OC and hub
> server (running version 7.1.3 both). There we get a ton of GSKit error
> messages, and the SSL connection only works from 6.3.4.300 to 7.1.3, but
> not the other way.
> 
> So, do you have any CA issued SSL certificates in your environment?
> 
> Regards,
> 


-- 
Björn Rackoll
Universität Hamburg
Regionales Rechenzentrum
Zentrale Dienste
Schlüterstr. 70
20146 Hamburg
Tel.: +49 (0)40 42838 - 63 11
Fax: +49 (0)40 42838 - 62 70
Mobil: +49 (0)172 427 0301
E-Mail: backup AT mailman.rrz.uni-hamburg DOT de