Välkommen till Cristie Nordic Sverige, genom lång erfarenhet och specialisering gör vi ditt data tillgängligt.

 

Cristie Nordic AB är den del av PEDAB Group sedan 2019 och är etablerade i alla nordiska länderna, Baltikum, DACH, Frankrike och Polen med en omsättning på c:a 2 miljarder kronor.

Cristie Studio är kontor dit vi bjuder in våra kunder för att tillsammans skapa lösningar anpassade efter behovet.

För mer information, besök vår internationella hemsida.

  • LinkedIn - White Circle
  • Twitter - White Circle

© 2018 Cristie Nordic AB

  • Magnus Thunberg

ISP Backup-Archive, ANS1593E Cannot open the key database


Since IBM Spectrum Protect (ISP) Server 8.1.2 and above, I've got several questions after upgrade, facing the following issue from the Backup-Archive clients when starting the User Interface.

The reason is that IBM start using TLS 1.2 as standard protocol when communicate with the ISP Server. Normally this should be taken care of automatic, but not always.

To solve this issue, you need to copy the cert265.arm from the “TSM Instance Server Directory”.

Or you can copy the text from file by running the command more/cat and copy all data including BEGIN part and the END Part of the file.

c:\Program Files\Tivoli\TSM\SERVER1>more cert256.arm

-----BEGIN CERTIFICATE-----

….

MIIDcjCCAlqgAwIBAgIIDaeIX7indq4wDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE

BhMCVVMxDDAKBgNVBAoTA1RTTTEUMBIGA1UECxMLVFNNIE5ldHdvcmsxJDAiBgNV

….

-----END CERTIFICATE-----

On the client that have the problem, copy or create cert256.arm file to your BAClient Directory ex. “C:\Program Files\Tivoli\TSM\BaClient\cert256.arm” and copy the key from the server or copy the cert256.arm file

Open a Command Prompt Window as a Administrator.

Run following command to insert the ISP Server public key

gsk8capicmd_64 -cert -add -label "ISPSERVERNAME" -format ascii -file “C:\Program Files\Tivoli\TSM\BaClient\cert256.arm” -db dsmcert.kdb -stashed

If it doesn’t work, make sure you have the system variable %PATH% configured correctly.

set path=%path%;C:\Program Files\Common Files\Tivoli\TSM\api64\gsk8\bin;C:\Program Files\Common Files\Tivoli\TSM\api64\gsk8\lib64

Now let’s try to add the Cert256.arm to your local dsmcert.kdb database.

gsk8capicmd_64 -cert -add -label "ISPSERVERNAME" -format ascii -file “C:\Program Files\Tivoli\TSM\BaClient\cert256.arm” -db dsmcert.kdb -stashed

If it still doesn’t work and you maybe get a CTGSK3026W issue that the database doesn’t exist.

You can then create a new database by running

gsk8capicmd_64 -keydb -create -populate -db dsmcert.kdb -pw tsm -stash

When you have create your new dsmcert.kdb file, add the certificated in to the new database.

To verify if the certificate have been installed you can then list all installed certificated.

gsk8capicmd_64 -cert -list -db dsmcert.kdb -stashed

#cert256arm #IBMSpectrumProtect #IBMSpectrumProtect812 #ANS1593E

1,801 views