How to restrict communication to only go over TLS 1.2, on the EEM Application.


Article ID: 144525


SUPPORT AUTOMATION- SERVER; CA Service Desk Manager - Unified Self Service; KNOWLEDGE TOOLS; CA Service Management - Asset Portfolio Management; CA Service Management - Service Desk Manager; CA Workload Automation AE - Business Agents (AutoSys); CA Workload Automation AE - Scheduler (AutoSys); CA Workload Automation Agent; CA Process Automation Base


How to enable/restrict communication to go through TLS 1.2 within the EEM Application, on Port 5250 and Port 509.


Since TLSv1.0 and TLSv1.1 have been deprecated, this document will assist in enabling communication over TLSv1.2.


Embedded Entitlements Manager r12.6.x and above.


For iGateway (which is the EEM UI on port 5250), edit the following file $IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf, and add TLSV1_2 to the secure protocol tag as follows: 
- Save the changes and restart the iTechnology igateway service.

For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows: 
protocol = tlsv12 
- Save the changes and restart the CA Directory 'itechpoz' service.
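
To confirm the restriction after both services have restarted, the following added example (not part of the original article or of the product) attempts one handshake per protocol version against ports 5250 and 509 and reports anything other than "TLS 1.2 accepted, TLS 1.0/1.1 rejected". It assumes the EEM host name is passed as the first argument and that the local Python/OpenSSL build can still offer TLS 1.0 and 1.1; if it cannot, the probe reports `client-unsupported` instead of a false pass.

```python
import socket
import ssl
import sys
import warnings

# Ports named in the article: iGateway (EEM UI) and the CA Directory DSA.
EEM_PORTS = {"iGateway": 5250, "CA Directory DSA": 509}
VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def probe(host, port, version, timeout=5.0):
    """One handshake pinned to `version`; returns 'accepted', 'rejected',
    'unreachable' or 'client-unsupported'."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # only protocol negotiation is tested,
        ctx.verify_mode = ssl.CERT_NONE  # not the certificate chain
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
        if version < ssl.TLSVersion.TLSv1_2:
            # OpenSSL 3 only offers TLS 1.0/1.1 at security level 0.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except (ValueError, ssl.SSLError):
        return "client-unsupported"      # local library cannot offer this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw):
            return "accepted"
    except OSError:              # alert, reset, EOF or timeout during the handshake
        return "rejected"
    finally:
        raw.close()

def audit(host, ports=EEM_PORTS, probe_fn=probe):
    """Return findings; an empty list means only TLS 1.2 was negotiated."""
    findings = []
    for name, port in ports.items():
        for label, version in VERSIONS.items():
            expected = "accepted" if label == "TLSv1.2" else "rejected"
            outcome = probe_fn(host, port, version)
            if outcome != expected:
                findings.append(f"{name} port {port}: {label} {outcome}, expected {expected}")
    return findings

if __name__ == "__main__":
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else "localhost")
    print("\n".join(problems) or "OK: only TLS 1.2 accepted on both ports")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when any finding is reported, so it can be run as a post-change check on each EEM server.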

Additional Information

Please refer to the embedding product, in case there are additional settings that would need to be configured on the embedding product side.