Novell Doc: OES 2 SP3: Storage Management Services Administration Guide for Linux

7.3 Configuration Options

To configure SMDR to use SSL with certificates, update the SMDR configuration file with the SSL options in this section.

7.3.1 Server Certificate Options

The options specified below, enables you to configure server-side SMDR to use certificate-based SSL protocol. See Section 7.2, SMDR as a Client and Server for details on SMDR’s behavior as a server.

Table 7-1 Server Certificate Options

Options	Description
PublicKey	Path of the server’s public key certificate file. By default, this is disabled.
PublicKeyType	The format of the server’s publickey certificate file. This option accepts either PEM or DER. By default, the value is PEM.
PrivateKey	Path of the server’s private key certificate file. By default, this is disabled.
PrivateKeyType	The format of the server’s privatekey certificate file. This option accepts either PEM or DER. By default, the value is PEM.

7.3.2 Client Certificate Options

The following options are used to enable client-side SMDR to use the certificate-based SSL protocol. See Section 7.2, SMDR as a Client and Server for details on SMDR behavior as a client

Table 7-2 Client Certificate Options

Options	Description
TrustedCertificate	Path of the trusted CA certificate. By default, this is disabled.
TrustedCertificateType	The format of the trusted CA certificate. This option accepts either PEM or DER. By default, the value is PEM.

7.3.3 Miscellaneous Options

Table 7-3 Miscellaneous Options

Options	Description
LegacyConnections	Specifies if connections can be established with older SMDRs that do not support SSL. This is a Boolean switch and can be configured as enable or disable. The default value is enable. This is applicable only when SMDR behaves as a client. See Section 7.2, SMDR as a Client and Server for more information.
DataEncryption	Specifies if the data needs to be encrypted or not. This can be configured as optional or mandatory. If the host server and target server are configured as optional, the data is not encrypted and only authentication information is encrypted. If either the client or the server is configured as mandatory then the data is also encrypted.

NOTE:Because performance is critical during backup, you can optionally configure SMDR to use SSL to only encrypt sensitive authentication information instead of all communications between SMDRs. To do this, disable the DataEncryption option.

7.3.4 SSL Option Considerations

When configured with some SSL options, SMDR can result in connection failures to other SMDRs on the network. The following information details how different options impact the connection behavior in SMDR.

Table 7-4 lists client SMDR configuration options that force client SMDR to establish communication to only SSL-enabled SMDRs on the network. Attempts to connect to SMDRs that are not configured to use SSL result in connection failures.

Table 7-4 SSL Interoperability between Client and Server SMDRs

Client SMDR Options	Server SMDR Configuration	Connection Status
TrustedRootCertificate: <path> LegacyConnections: disable	PublicKey and PrivateKey	Pass
TrustedRootCertificate: <path> LegacyConnections: disable	PublicKey and PrivateKey configured	Fail
LegacyConnections: disable	SSL enabled SMDR	Pass
LegacyConnections: disable	Legacy SMDR	Fail