Sorry for the long winded message here. But it seems like every time I
touch the fanout drivers I end up spending lots of time trying to get
encrypted commo working correctly again, so I am trying to get an
understanding of the architecture. Any insight or documentation references
that can help my understand this would be greatly appreciated.
The current problem began with a driverset move from one server to another.
The old Primary driver is decommissioned. I am left with 1 new primary
driver (formerly a secondary in the system) and one remaining secondary
driver. zos/racf authentications work fine (DES) against both core drivers.
The primary works great provisioning IDs into the census.
What is not working is commo between the 2 drivers. Specifically when using
iManager fan-out Driver Utilities =>Component Status=>Core Driver Status.
This will only work for a specific driver when I go to port 3451 directly on
the specific box I want to check. I cannot go to the management interface
and check both core drivers.
Troubleshooting steps so far :
1 - I have run ASAM/fandrv-config option 2 on both core drivers. I do know
it updates ASAM/keys/ca.der, and ASAM/keys/ca.pem. I do not know where these
certs are actually used.
2 - I have copied both the ASAM/keys/ and the ASAM/data/CoreDriver/certs/
directories from the primary to the secondary. Then ran ASAM/fandrv-config
option 2 on the secondary. This was per recommendation from DSE. I do have
old directories/files if necessary to restore.
Here are the cert files defined as I understand:
ca.der = Updated by ASAM/fandrv-config utility option 2, Don't know where
this is needed or used.
ca.pem = Updated by ASAM/fandrv-config utility option 2, Don't know where
this is needed or used
dpwd1f40 = Driver Object Password, Updated by ASAM/fandrv-config utility
lpwd1f40 = Remoteloader Password, Updated by ASAM/fandrv-config utility
ASAM/data/CoreDriver/certs/ = I don't know where these certs are used or how
they are managed.
Here are MY Configs:
1111 Jul 14 09:05 ca.pem
1111 Jun 24 07:34 ca_cert.pem
1675 Jun 24 07:34 ca_key.pem
1180 Jul 14 09:05 cert.pem
1675 Jul 14 09:05 key.pem
1329 Jul 15 06:21 ca.der
1854 Jul 15 06:21 ca.pem
149 Jun 23 15:44 dpwd1f40
20 Jun 23 15:44 lpwd1f40
1111 Jul 14 14:54 ca.pem
1111 Jul 14 14:50 ca_cert.pem
1675 Jul 14 14:50 ca_key.pem
1180 Jul 14 14:54 cert.pem
1679 Jul 14 14:54 key.pem
1329 Jul 14 15:02 ca.der
1854 Jul 14 15:02 ca.pem
149 Jul 14 15:00 dpwd1f40
20 Jul 14 15:00 lpwd1f40
So the questions are:
1 - What are the files/certs in the ASAM/data/CoreDriver/certs/ used for?
2 - How are these certs managed/updated?
3 - What certs are used by the management interface to communicate with the
4 - What steps can I take to restore trust between components?