IBM System Storage Ideas Portal


This portal is to open public enhancement requests against IBM System Storage products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Under review
Workspace IBM Storage Virtualize / FlashSystem
Created by Guest
Created on Oct 22, 2025

RELATED IDEAS

Add the ability to specify the key serving certificate when adding new key servers to the key server list via the WebUI

I am performing an upgrade/migration of our SKLM 4.2 environment to SKLM 5.0.  The key serving certificate for 4.2 is different from the key serving certificate that is being used by the 5.0 environment.  On older Storwize/Flash Systems firmware, when adding a new key server to the key server list, you are able to specify the specific key serving certificate for that server.

When I came to our two new FS5300s running 8.7.0.7 firmware, I tried to add the new SKLM 5.0 key servers to the list, and low and behold it assumed that they key serving certificate was the same as the existing 4.2 key servers - causing the add operation to fail because the key serving certificates are different between the two environments.  I poked around a bit, and found where you can specify different key serving certificates for each server in the key serving list, but that requires that the SKLM 5.0 key servers be added to the list - but it fails because the key serving certificates are not the same.  So that is useless for me.

I would request that the ability to specify the specific key serving certificate be added back in to the add key server operation so that this task can be performed more easily via the WebUI.

My work around was to perform this operation via the CLI.  I have two SKLM 5.0 servers - a production server that is replicating to a DR server.  If anyone else hits this problem, here is how you do it:

scp certificate.cer user@<IP address of storage array>:/tmp

ssh user@<IP address of storage array>

mkkeyserver -ip <IP address of production key server> -sslcert /tmp/certificate.cer -port 5696 -name PROD-SKLM-5.0

exit

scp certificate.cer user@<IP address of storage array>:/tmp

ssh user@<IP address of storage array>

mkkeyserver -ip <IP address of DR key server> -sslcert /tmp/certificate.cer -port 5696 -name DR-SKLM-5.0

exit

NOTE: The /tmp/certificate.cer file is automatically removed on a successful execution of mkkeyserver, which is why you have to scp it twice.

In the past, it has been far easier to perform the add key server operation via the WebUI.  The CLI will get you there, just takes a bit more effort.

Idea priority Medium
  • Guest
    Oct 29, 2025

    So, I have also discovered that there is no way in the 8.7.0.7 code to change the Primary key server via the WebUI.  This functionality needs to be brought back into the WebUI.  I have only ever performed a migration/upgrade of SKLM.  I have never performed an in place upgrade of existing SKLM server from one release to a newer release.  Adding new key servers with new key certificates and changing Primary key servers is needed for every migration/upgrade that I have done, and will do.

    The CLI work around is to run the following:

    lskeyserver    ### to obtain the list of key servers, including the key server IDs.

    chkeyserver -primary <key_server_id>  ### to set the Primary key server to the key_server_id

    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.