Configuring a cipherlist to be used in EEM.


Article ID: 143504




SUPPORT AUTOMATION- SERVER; CA Service Desk Manager - Unified Self Service; CA Service Desk Manager; CA Service Management - Asset Portfolio Management; CA Service Management - Service Desk Manager; CA Workload Automation AE - Business Agents (AutoSys); CA Workload Automation AE - Scheduler (AutoSys); Workload Automation Agent; CA Process Automation Base


This document describes how to configure the cipherlist tags to address weak ciphers detected during vulnerability scans on Windows and non-Windows platforms.


Embedded Entitlements Manager 12.51 CR05 and Above.


Because vulnerability scans are detecting weak ciphers on the servers, this document will assist in creating a cipherlist to address the weak ciphers that are detected.


For a list of ciphers that you can use with the EEM product, please refer to the following OpenSSL site:

Below is a sample cipher that can be used.  
You can add ciphers from the list on the OpenSSL site to the cipherlist below, as your business needs require.
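As an added example (not part of the original article and not Broadcom's sample cipherlist), the Python check below lints a candidate OpenSSL-format cipherlist for entries that weak-cipher scans typically report, before it is pasted into igateway.conf or itechpoz.dxc. The weak-name policy and the sample string are assumptions made for this example. It inspects names only and does not expand group keywords such as HIGH or ALL, so confirm the final string with `openssl ciphers -v`.

```python
import re

# Name parts that mark a suite as weak. Assumed policy for this example;
# align it with what your vulnerability scanner actually reports.
WEAK_PARTS = {
    "NULL": "no encryption", "ENULL": "no encryption",
    "ANULL": "no authentication", "ADH": "anonymous DH",
    "AECDH": "anonymous ECDH", "EXP": "export-grade",
    "EXPORT": "export-grade", "LOW": "low-strength group",
    "RC4": "RC4", "RC2": "RC2", "MD5": "MD5 MAC",
    "DES": "DES/3DES (64-bit block)", "3DES": "DES/3DES (64-bit block)",
    "CBC3": "DES/3DES (64-bit block)",
}

def split_cipherlist(cipherlist):
    """OpenSSL accepts ':', ',' or space as separators between entries."""
    return [t for t in re.split(r"[:, ]+", cipherlist.strip()) if t]

def weak_reasons(token):
    """Reasons an additive entry selects weak suites (empty list if none)."""
    if token[0] in "!-+@":
        return []  # removals, reordering and @STRENGTH never add a suite
    parts = re.split(r"[-+]", token.upper())
    return sorted({WEAK_PARTS[p] for p in parts if p in WEAK_PARTS})

def lint(cipherlist):
    """Return (findings, hardened): weak entries with reasons, and the
    cipherlist with those entries dropped and the original order kept."""
    findings, kept = [], []
    for token in split_cipherlist(cipherlist):
        reasons = weak_reasons(token)
        if reasons:
            findings.append((token, reasons))
        else:
            kept.append(token)
    return findings, ":".join(kept)

# Constructed sample input: not a recommended list and not from the article.
SAMPLE = ("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
          "DES-CBC3-SHA:RC4-MD5:!aNULL:AES256-SHA256")

if __name__ == "__main__":
    findings, hardened = lint(SAMPLE)
    for token, reasons in findings:
        print(f"WEAK  {token}: {', '.join(reasons)}")
    print("cipherlist without weak entries:", hardened)
```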

Here are the instructions for adding the cipherlist for EEM 12.51 CR05 and above: 

To protect port 5250 (which is iGateway):
- Edit the following file: 
$IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf
- Enter the ciphers in the cipher tag, as in the example: 
- Save the changes and restart the igateway service 

        <Connector name="defaultport">
            <!--<secureProtocol/> -->


To protect port 509 (which is CA Directory):
- Edit the following file: 
$DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc
- Enter the ciphers in the cipher tag, above the 'protocol' line:
- Save the changes and restart the CA Directory service

set ssl = {
cert-dir = "config/ssld/personalities"
ca-file = "config/ssld/itechpoz-trusted.pem"
protocol = tlsv12