What is totally clear to me is that the entire transition to TLS1.2 all the way
is potentially messy. We possibly have to remove server definitions in an
enterprise setup, communications might (or might not) break, and in any case an
extra server restart is required after everything has been
When using client-side encryption with key=generate, when I try either backup
or archive directly to a tape pool, the client will try to mount volumes until
it failes.
Tsm windows client 7.1.4, server 7.1.7.1 on RHEL 6.9.
Collocation is set to group (default) on the tape storage pool.
Any
Now I am not sure how BAC 8.1.2 works with TSM 7.1.7.
Could you please check your test client with and without "SSL OFF" for
dsmcert.idx, dsmcert.kdb and dsmcert.sth in baclient folder? And if they exist,
what's happened when you remove those files and start client?
Sorry if I pointed you in
Thank you for the information and links. I did see the YouTube video you
refer to.
Since we don't use SSL/TLS at all (I suspect we will with a big emphasis on
PCI security), do I simply need to add "SSL NO" to the client dsm.opt
files so it won't try to use SSL? We finally installed (upgraded)
You must update server certificate to SHA-256 before upgrading clients or
disable SSL in dsm.opt on all of them.
BAC 8.1.2 remembers server certificate and uses TLS by default, it will work
with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and OC to
8.1.2. During upgrade
