Posts Tagged ‘ssl certificates’

IBM Tivoli (Spectrum Protect) update self-signed client expiring SSL certificates

Wednesday, March 17th, 2021


Say you're using Tivoli TSM to manage your backups (if you don't know what the IBM TSM (Spectrum Protect) backup solution is, check my previous article on how to use IBM Tivoli to list configured and scheduled backups and how to restore backups with the dsmc console client).

And say you followed the steps below to enable SSL communication with a CA-signed certificate between the Spectrum Protect client and server.

E.g. you have:

  • Obtained the CA root certificate.
  • Configured the clients. To use SSL, each client must import the self-signed server certificate.

You used the GSKit command-line utility (gsk8capicmd for 32-bit clients or gsk8capicmd_64 for 64-bit clients) to import the certificate.



1. The problem

These self-signed certificates have an expiry date, and after some time that date will be approaching. This matters if your environment is subject to something like the PCI security standards and you run quarterly security scans with something like QualysGuard (the Qualys vulnerability management tool).

During Qualys scans you may receive GSK messages in dsmerror.log if the certificate is expiring:

 

03/04/2021 14:35:07 ANS9959W IBM Spectrum Protect acceptor received a non-critical network error 88, IBM Spectrum Protect return code : -50.

03/05/2021 13:04:59 ANS1579E GSKit function gsk_secure_soc_init failed with 414: GSK_ERROR_BAD_CERT

03/05/2021 13:04:59 TCP/IP received rc 88 trying to accept connection from server.

03/05/2021 13:04:59 ANS9959W IBM Spectrum Protect acceptor received a non-critical network error 88, IBM Spectrum Protect return code : -50.

 

2. Check the self-signed certificate expiry on the TSM host

2.1  First get the FQDN and certificate name

[root@redhat: ~ ]# FQDN=$(hostname --fqdn | tr '[:lower:]' '[:upper:]');

[root@redhat: ~ ]# echo "FQDN to be used is: $FQDN. Please be careful it is correct (if machine has wrong FQDN) you might have issues";

[root@redhat: ~ ]# gsk8capicmd_64 -cert -list -db /etc/adsm/Nodes/$FQDN/spclicert.kdb -stashed


gsk8capicmd_64 is IBM's tool to view and manage SSL certificates; it is perhaps a binary written in C that contains a compiled, patched version of the normal openssl tool. Using it is the IBM-recommended way to manage Tivoli certificates.

2.2  Get details using -label CERTNAME and check the expiration date

[root@redhat: ~ ]# gsk8capicmd_64 -cert -details -label $FQDN -db /etc/adsm/Nodes/$FQDN/spclicert.kdb -stashed

Certificates found
* default, - personal, ! trusted, # secret key
-       FQDN-OF-HOST.COM

 

3. To update the certificates

 

3.1 Copy the old certificates for backup

As usual, make a backup in case something goes wrong and you need to restore:

[root@redhat: ~ ]# mkdir /root/certbck-tsm_$(date +"%b-%d-%Y")/

[root@redhat: ~ ]# cp -rpv /etc/adsm/Nodes/$FQDN/spclicert* /root/certbck-tsm_$(date +"%b-%d-%Y")/

 

3.2 Stop the dsmcad backup service

[root@redhat: ~ ]# systemctl stop dsmcad

Double-check the service is stopped by looking for any remaining dsm processes:

[root@redhat: ~ ]# ps axf | grep dsm

3.3 Remove the expiring certificates from host

[root@redhat: ~ ]# rm -v /etc/adsm/Nodes/$FQDN/spclicert*

 

3.4 Generate new certificates with dsmc client

[root@redhat: ~ ]# dsmc query session -optfile="/opt/tivoli/tsm/client/ba/bin/dsm.opt"

 

3.5 Check if all is generated as expected

[root@redhat: ~ ]# ls -l  /etc/adsm/Nodes/$FQDN/spclicert*

3.6 Start the backup service

[root@redhat: ~ ]# systemctl start dsmcad

3.7  Check  /var/tsm/dsmwebcl.log for the port number of webclient

 [root@redhat: ~ ]# cat /var/tsm/dsmwebcl.log

03/16/2021 13:31:41 (dsmcad) ————————————————————
03/16/2021 13:31:41 (dsmcad) Command will be executed in 11 hours and 50 minutes.
03/16/2021 15:56:01 (dsmcad) ANS9959W IBM Spectrum Protect acceptor received a non-critical network error 88, IBM Spectrum Protect return code : -50.
03/17/2021 01:21:41 (dsmcad) Executing scheduled command now.
03/17/2021 01:22:53 (dsmcad) Next operation scheduled:
03/17/2021 01:22:53 (dsmcad) ————————————————————
03/17/2021 01:22:53 (dsmcad) Schedule Name:         0120_SCHED_P
03/17/2021 01:22:53 (dsmcad) Action:                Incremental
03/17/2021 01:22:53 (dsmcad) Objects:
03/17/2021 01:22:53 (dsmcad) Options:               -subdir=yes
03/17/2021 01:22:53 (dsmcad) Server Window Start:   01:20:00 on 03/18/2021
03/17/2021 01:22:53 (dsmcad) ————————————————————
03/17/2021 01:22:53 (dsmcad) Command will be executed in 12 hours.
03/17/2021 13:22:53 (dsmcad) Executing scheduled command now.
03/17/2021 13:22:54 (dsmcad) Next operation scheduled:
03/17/2021 13:22:54 (dsmcad) ————————————————————
03/17/2021 13:22:54 (dsmcad) Schedule Name:         0120_SCHED_P
03/17/2021 13:22:54 (dsmcad) Action:                Incremental
03/17/2021 13:22:54 (dsmcad) Objects:
03/17/2021 13:22:54 (dsmcad) Options:               -subdir=yes
03/17/2021 13:22:54 (dsmcad) Server Window Start:   01:20:00 on 03/18/2021
03/17/2021 13:22:54 (dsmcad) ————————————————————


 [root@redhat: ~ ]# grep -i port /var/tsm/dsmwebcl.log
03/11/2021 16:59:19 (dsmcad) ANS3000I TCP/IP communications available on port 37506.
03/12/2021 11:35:21 (dsmcad) ANS3000I TCP/IP communications available on port 40510.
03/12/2021 14:53:03 (dsmcad) ANS3000I TCP/IP communications available on port 45005.

 

3.8  You can check the certificate expiry yourself, masquerading as the Qualys scanner, and verify the new certificate

[root@redhat: ~ ]# dsmc_port=$(netstat -tulpan|grep -i dsm|awk '{ print $4 }'|cut -d":" -f2);
[root@redhat: ~ ]# echo $dsmc_port

[root@redhat: ~ ]# openssl s_client -servername 127.0.0.1 -connect 127.0.0.1:$dsmc_port </dev/null | openssl x509 -noout -dates

notBefore=Mar  6 14:09:55 2021 GMT
notAfter=Mar  7 14:09:55 2022 GMT

If the expiry date looks fine, you're done. You can place the steps in a single script to save time when you have to run them again in a year's time.
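
Following the suggestion to put the steps in a single script, here is an added example (not from the original post or from IBM) that wraps steps 3.1 to 3.6 in one shell function and refuses to delete anything until the FQDN maps to an existing node directory and the backup has been verified. `NODES_DIR`, `BACKUP_ROOT`, `OPTFILE` and `RUN` are names assumed for this sketch; the paths and commands are the ones used in the steps above.

```shell
#!/usr/bin/env bash
# Added example: steps 3.1-3.6 as one guarded function (not IBM's or the author's script).
# NODES_DIR, BACKUP_ROOT, OPTFILE and RUN are names introduced for this sketch.
set -u
NODES_DIR="${NODES_DIR:-/etc/adsm/Nodes}"
BACKUP_ROOT="${BACKUP_ROOT:-/root}"
OPTFILE="${OPTFILE:-/opt/tivoli/tsm/client/ba/bin/dsm.opt}"
RUN="${RUN:-}"   # optional wrapper command for the systemctl and dsmc calls

# 3.1: copy spclicert* (key database and its stash file) and verify each copy.
backup_certs() {   # $1 = node directory
    local src="$1" dest f
    dest="$BACKUP_ROOT/certbck-tsm_$(date +%b-%d-%Y)"
    ls "$src"/spclicert* >/dev/null 2>&1 || { echo "no spclicert* in $src" >&2; return 1; }
    mkdir -p "$dest" && chmod 700 "$dest" || return 1   # backup holds key material
    cp -rp "$src"/spclicert* "$dest"/ || return 1
    for f in "$src"/spclicert*; do
        cmp -s "$f" "$dest/$(basename "$f")" || { echo "backup mismatch: $f" >&2; return 1; }
    done
}

renew_certs() {    # $1 = upper-cased FQDN, as computed in step 2.1
    local fqdn="$1" node
    [ -n "$fqdn" ] || { echo "empty FQDN, refusing to continue" >&2; return 1; }
    node="$NODES_DIR/$fqdn"
    [ -d "$node" ] || { echo "no node directory $node (wrong FQDN?)" >&2; return 1; }
    backup_certs "$node" || return 1                        # 3.1, must succeed before rm
    $RUN systemctl stop dsmcad || return 1                  # 3.2
    rm -f "$node"/spclicert*                                # 3.3
    $RUN dsmc query session -optfile="$OPTFILE" || return 1 # 3.4 regenerates the files
    if ! ls "$node"/spclicert* >/dev/null 2>&1; then        # 3.5
        echo "nothing regenerated; restore from $BACKUP_ROOT" >&2
        return 1
    fi
    $RUN systemctl start dsmcad                             # 3.6
}

# Runs only when invoked as: script --run
[ "${1:-}" != "--run" ] || renew_certs "$(hostname --fqdn | tr '[:lower:]' '[:upper:]')"
```

The backup directory is created with mode 700 because the stashed key database is enough to impersonate the client; run step 3.8 afterwards to confirm the new dates.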

My E-Marketing Report Final Godaddy.com Versus Enom.com for Download (Godaddy.com compared to Enom.com)

Monday, April 4th, 2011

A few months ago I posted some study materials for the e-marketing & commerce course (discipline) that I followed at Arnhem Business School (ABS).
Apart from that, I had a final assignment which was supposed to be handed in a few weeks before the beginning of the Christmas break.

The Emarketing assignment’s aim was to make a comparison of two websites which operate in the same or a very similar business field.

The report’s goal was to show the E-marketing teacher, who in my case was Peter Stemers, that the student has become acquainted with the basic theories of Emarketing.
The project was actually rather easy; the main issue in building a project like this is getting started. To complete it you just need to make a start and persist in expanding the document.

As the topic was very interesting to me, I started preparing my assignment quite early (just a few weeks after it was assigned).

I considered my profound interest in Information and Computer Technology (ICT) and decided to create a report which evaluates two websites in the IT sphere.
After examining a few possible domain names, for example:
Verizon – verizon.com and AT&T – att.com
1&1 – 1and1.co.uk and Godaddy etc.

I finally settled on Godaddy.com and enom.com as the websites to compare.

The criteria for selecting Godaddy and Enom as the target companies whose online business to compare were as follows:

1. Both Godaddy and Enom are in the same online business industry (e.g. domain selling, reselling, blog hosting, webhosting, SSL certificates, online presence, Search Engine Optimization etc.)
Another selection factor that convinced me to choose exactly Enom.com and Godaddy was that these are the biggest companies in the domain name selling IT sector and, even better, the domain selling industry is tightly related to the history of how the Internet emerged.

The report became really thorough; the Godaddy vs Enom emarketing report is 59 pages long. Officially the study criteria were that the usual student emarketing report contains about 15 to 20 pages; however, given the business products and services that these huge internet domain reseller companies have, I was forced to exceed the teacher’s limit of 20 pages and do it in 59 pages.

I handed in my emarketing report and Peter Stemers graded it with 8.5 points out of a possible 10 (which by the way is quite a high mark for Arnhem Business School).

By the way, the E-marketing course was quite a silly one, though for people who do not have average computer knowledge and an interest in Internet commerce it was okay.

To read the table of contents of the Report comparison Enom compared to Godaddy click over here
Here is also my Emarketing Final Report Godaddy.com vs Enom.com (Godaddy.com compared to Enom.com) in both PDF and DOC. I hope these reports will be helpful to some marketing researchers out there to get an estimate of how the two companies are performing in the domain selling and reselling business:

1. Download My Emarketing and E-commerce report Godaddy Versus Enom.com (Godaddy Compared to Enom.com) doc version

2. Download E-marketing report Godaddy.Com VS Enom.Com (Godaddy.com Compared to Enom.com) in PDF

Compiling this Emarketing report cost me a lot of effort and time; completing the report took me about two weeks, working a couple of hours on it each day.
I also express my big thanks to Alex Petrov (a friend of mine) for helping me read and review the report and fix some minor errors in sentence structure and in my language of expression.

The Godaddy VS Enom Emarketing report outlines numerous pitfalls that both the Enom company and Go Daddy have fallen into in terms of SEO, Emarketing, user friendliness and usability.

I believe this report could be really helpful for these two competing companies and could help them improve their user image, their accessibility and their Search Engine indexing.
On the other hand, the report could be a good example for (HAN – Arnhem Business School E-Marketing) students of how to write a good-looking Emarketing report to give themselves a pass.

An interesting fact is that before I decided to publish the report online and make it available to everyone, I tried the known practice of selling a marketing report: I offered to sell this report to both Godaddy.Com and Enom.Com by sending the offer to their marketing and sales guys.
Enom.com returned me an email saying that they would look into my request, whereas from Godaddy I received an email from Go Daddy founder and CEO Bob Parsons and the COO Warren Adelman.

I will present the reply here just to show you how impudent these men are! My offer to sell them this great report for the symbolic sum of 200 EUR, which would help their companies grow, was considered, I quote: “Unsolicited Report”.
Below I present my offer email plus the impudent reply email from GoDaddy’s CEO and COO:


SNAP – My Email to Godaddy
Hi Bob,

My name is Georgi Georgiev and I’m currently completing my bachelor in
Business Administration in HAN University of Applied Sciences (The
Netherlands).

Currently I’m developing an E-marketing report which is comparing the 2
largest internet domain registrars
godaddy.com and enom.com.

The report is an in-depth SEO and E-marketing analysis of current
positioning in major search engines of Godaddy.com and Enom.com as well
as an overall analysis of user friendliness, screen resolution
readiness of the two websites.
In the report I also analyse the behaviour of the enom.com and
godaddy.com as tested with different major Internet web browsers,
general user experience. External statistical websites etc. etc.

This research document also concludes what are the strengths &
weaknesses of both your company and enom.com. The aim of the report is
to show, what Godaddy advantages and pitfalls if compared to Enom.com.

It also includes a number of suggestion for improvements which will be
beneficial for your company to drive more internet traffic to you as
well as increase your number of customers.

The report is 60 pages long document and includes many things that might
be beneficial for your business.

If you’re interested in the report and you’d like to buy it from me for
a very cheap price of 200 EUR, please contact me on my mail
hipo@www.pc-freak.net or systemexec@gmail.com.

Best Regards,
Georgi


Georgi Georgiev

——
END of SNAP

SNAP – Godaddy’s Bob Parsons and Warren Adelman Reply Email:

Office of the President Response
Dear Georgi Georgiev,

Thank you for contacting the Office of the President. Our CEO, Bob Parsons, and President and COO, Warren Adelman, have asked me to respond on their behalf.

We value your time and appreciate the information you have provided regarding this request. Please understand that we are not seeking to acquire any unsolicited reports of this nature at this time.

Thank you for your understanding.

Sincerely,

Jordan McAlister

Hope this post is helpful to some students stuck with writing their E-marketing report.
I also hope it shows how proficient I am in building reports, and that it might be a good example of how high-quality my work is and encourage somebody to hire me as an E-marketing consultant 😉