Thank you for the information and links. I did see the YouTube video you refer to.
Since we don't use SSL/TLS at all (I suspect we will with a big emphasis on PCI security), do I simply need to add "SSL NO" to the client dsm.opt files so it won't try to use SSL? We finally installed (upgraded) the 8.1.2 client on a Windows test machine and it connected and backed-up without any issues. We haven't tried scheduling since it is a test machine. On Tue, Aug 29, 2017 at 9:24 AM, Mikhail Tolkonyuk <[email protected]> wrote: > You must update server certificate to SHA-256 before upgrading clients or > disable SSL in dsm.opt on all of them. > > BAC 8.1.2 remembers server certificate and uses TLS by default, it will > work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and > OC to 8.1.2. During upgrade server generates new SHA-256 certificate and > clients no more able to connect to "untrusted server" with new certificate. > As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files > from client folder and reset transport method for node after server update, > but it's much easier to solve the issue in advance. > > Check the default cert with the following command: > gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed > > For more details watch Tricia's video about TLS 1.2: > https://youtu.be/QVPrxjmo_aU > > And see technote 2004844: > https://www-01.ibm.com/support/docview.wss?uid=swg22004844 > > > -----Original Message----- > From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of > Zoltan Forray > Sent: Tuesday, August 22, 2017 4:03 PM > To: [email protected] > Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers > > Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers? I > haven't had the chance to test such a configuration (since my lone test > server is at 8.1.1) and with the dire-warnings in the readme docs, I made > sure everyone on my staff knows to NOT install 8.1.2 clients. > > From the readme/docs: > > Upgrade your IBM Spectrum Protectâ„¢ servers to Version 8.1.2 before you > upgrade the backup-archive clients. > > > > If you do not upgrade your servers first, communication between servers > and clients might be interrupted. > > > -- > *Zoltan Forray* > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon > Monitor Administrator VMware Administrator Virginia Commonwealth University > UCC/Office of Technology Services www.ucc.vcu.edu [email protected] - > 804-828-4807 Don't be a phishing victim - VCU and other reputable > organizations will never use email to request that you reply with your > password, social security number or confidential personal information. For > more details visit http://infosecurity.vcu.edu/phishing.html > -- *Zoltan Forray* Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor Administrator VMware Administrator Virginia Commonwealth University UCC/Office of Technology Services www.ucc.vcu.edu [email protected] - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
