7.3 Configuration Options

To configure SMDR to use SSL with certificates, update the SMDR configuration file with the following SSL options on the NetWare server. The configuration file is located at SYS:ETC\SMS\SMDR.CFG.

7.3.1 Server Certificate Options

The options specified below, enables you to configure server-side SMDR to use certificate-based SSL protocol. Refer to Section 7.2, SMDR as a Client and Server for details on SMDR’s behavior as a server.

Table 7-1 Server Certificate Options

Options

Description

PublicKey

Path of the server's public key certificate file. By default, this is disabled.

PublicKeyType

The format of the server’s publickey certificate file. This option accepts either PEM or DER. By default, the value is PEM.

PrivateKey

Path of the server's private key certificate file. By default, this is disabled.

PrivateKeyType

The format of the server’s privatekey certificate file. This option accepts either PEM or DER. By default, the value is PEM.

7.3.2 Client Certificate Options

The following options are used to enable client-side SMDR to use the certificate-based SSL protocol. Refer to Section 7.2, SMDR as a Client and Server for details on SMDR behavior as a client

Table 7-2 Client Certificate Options

Options

Description

TrustedCertificate

Path of the trusted CA certificate. By default, this is disabled.

TrustedCertificateType

The format of the trusted CA certificate. This option accepts either PEM or DER. By default, the value is PEM.

7.3.3 Miscellaneous Options

Table 7-3 Miscellaneous Options

Options

Description

LegacyConnections

Specifies if connections can be established with older SMDRs that do not support SSL. This is a Boolean switch and can be configured as enable or disable. The default value is enable. This is applicable only when SMDR behaves as a client. Refer to Section 7.2, SMDR as a Client and Server for more information.

DataEncryption

Specifies if the data needs to be encrypted or not. This can be configured as optional or mandatory. If the host server and target server are configured as optional, the data is not encrypted and only authentication information is encrypted. If either the client or the server is configured as mandatory then the data is also encrypted.

NOTE:Because performance is critical during backup, you can optionally configure SMDR to use SSL to only encrypt sensitive authentication information instead of all communications between SMDRs. To do this, disable the DataEncryption option.

7.3.4 SSL Option Considerations

When configured with some SSL options, SMDR can result in connection failures to other SMDRs on the network. The following information details how different options impact the connection behavior in SMDR.

Table 7-4 lists client SMDR configuration options that force client SMDR to establish communication to only SSL-enabled SMDRs on the network. Attempts to connect to SMDRs that are not configured to use SSL result in connection failures.

Table 7-4 SSL Interoperability between Client and Server SMDRs

Client SMDR Options

Server SMDR Configuration

Connection Status

TrustedRootCertificate: <path>

LegacyConnections: disable

PublicKey and PrivateKey

Pass

TrustedRootCertificate: <path>

LegacyConnections: disable

PublicKey and PrivateKey configured

Fail

LegacyConnections: disable

SSL enabled SMDR

Pass

LegacyConnections: disable

Legacy SMDR

Fail