How to restrict communication to only go over TLS 1.2, on the EEM Application.
Article ID: 144525
Updated On:
Products
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
KNOWLEDGE TOOLS
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager
CA Workload Automation AE - Business Agents (AutoSys)
CA Workload Automation AE - Scheduler (AutoSys)
CA Workload Automation Agent
CA Process Automation Base
Issue/Introduction
How to enable/restrict communication to go through TLS 1.2 within the EEM Application, on Port 5250 and Port 509.
Cause
Since TLSv1.0 and TLSv1.1 has been deprecated, this document will assist in enabling communication over TLSv1.2
Environment
Embedded Entitlements Manager r12.6.x and above.
Resolution
For iGateway (which is the EEM UI on port 5250), edit the following file $IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf, and add TLSV1_2 to the secure protocol tag as follows:
<secureProtocol>TLSV1_2</secureProtocol>
- Save the changes and restart the iTechnology igateway service
For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows:
protocol = tlsv12
- Save the changes and restart the CA Directory 'itechpoz' service
<secureProtocol>TLSV1_2</secureProtocol>
- Save the changes and restart the iTechnology igateway service
For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows:
protocol = tlsv12
- Save the changes and restart the CA Directory 'itechpoz' service
Additional Information
Please refer to the embedding product, in case there are additional settings that would need to be configured on the embedding product side.
Feedback
Yes
No
Powered by
