Topic: Spectrum Protect (TSM) expired certificate problem with database backups

zeus1996

  • Jr. Member
Hi. Certificate expired at Spectrum Protect (TSM) server, renewed it with this guide:
https://www.empalis.de/en/ibm-spectrum-protect-server-certificate-cert256arm-expired-troubleshooting-tips/
After that clients were able to connect to Spectrum, but Spectrum Protect's database (DB2) backups failed.

errors:
tsmbgr log: ANS1579E GSKit function gsk_secure_soc_init failed with 406: GSK_ERROR_IO
activity log: ANR8599W The connection with S00030.tapiodmz01.fi:62300 failed due to an untrusted server certificate

so no connection in activity log with user:NODE:$$_TSMDBMGR_$$, which starts database backup

renewed also splicert files from Nodes\$$_TSMDBMGR_$$ folder

Have not found out what actual cert the backup is using

thanks for answers



Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
You didn't mention if you're using a Certificate Authority (CA) or a self-signed certificate, so the answer will be a little vague...

Check DB2's key database for the Spectrum Protect server certificate -- if the SP server cert is self-signed, you'll have to add a copy to the DB2 database's key db.  If the SP server cert was signed by your organization's CA, then you need to make sure you have the full certificate chain (root + intermediate certificates) inside that key database.

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR
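
The check and import described in the reply above, written out as an added example (not part of the original thread and not IBM's own procedure). It assumes GSKit's `gsk8capicmd_64` is on PATH, the key database has a stash file, and the certificate files are in ASCII (base64) format; every path and label is a placeholder.

```powershell
# Added example: paths and labels are placeholders, adjust to your installation.
$KeyDb = '<path-to-key-database>.kdb'   # placeholder: key db used by the DB backup node

# Certificates the key database must trust.
# Self-signed SP server cert: cert256.arm alone is enough.
# CA-signed SP server cert: list the root and every intermediate instead.
$Certs = @(
    @{ Label = 'SP server cert (example label)'; File = '<server-instance-dir>\cert256.arm' }
    # @{ Label = 'Org root CA (example label)';         File = '<path>\root-ca.arm' }
    # @{ Label = 'Org intermediate CA (example label)'; File = '<path>\intermediate-ca.arm' }
)

# 1. List what the key database currently holds.
$listing = & gsk8capicmd_64 -cert -list -db $KeyDb -stashed
if ($LASTEXITCODE -ne 0) { throw "Cannot open key database $KeyDb" }
$listing

foreach ($c in $Certs) {
    if ($listing | Select-String -SimpleMatch -Pattern $c.Label -Quiet) {
        # 2. Label already present: print its details so the validity dates
        #    can be checked. An expired entry under this label has to be
        #    removed (-cert -delete) before the renewed file can be added.
        Write-Host "Label '$($c.Label)' already present, details:"
        & gsk8capicmd_64 -cert -details -label $c.Label -db $KeyDb -stashed
        continue
    }

    # 3. Label missing: import the certificate as a trusted entry.
    & gsk8capicmd_64 -cert -add -db $KeyDb -stashed `
        -label $c.Label -file $c.File -format ascii
    if ($LASTEXITCODE -ne 0) { throw "Import of $($c.File) failed" }
    Write-Host "Added '$($c.Label)' from $($c.File)"
}

# 4. List again to confirm the result before retrying the database backup.
& gsk8capicmd_64 -cert -list -db $KeyDb -stashed
```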

zeus1996

  • Jr. Member
Thanks Justin, yes imported cert256.arm to nodename keybase, problem solved

jsquizz

  • Global Moderator
  • Hero Member
Just as an FYI - I have also seen this scenario when loading into S3/EMC, we had to add the .cer provided by the storage folks for it to work.
#CMOD #DB2 #AFP2PDF #TSM #AIX #RHEL #AWS #AZURE #GCP #EVERYTHING