How to restrict communication to only go over TLS 1.2, on the EEM Application.

book

Article ID: 144525

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Process Automation Base

Issue/Introduction

How to enable/restrict communication to go through TLS 1.2 within the EEM Application, on Port 5250 and Port 509.

Cause

Since TLSv1.0 and TLSv1.1 has been deprecated, this document will assist in enabling communication over TLSv1.2

Environment

Embedded Entitlements Manager r12.6.x and above.

Resolution

For iGateway (which is the EEM UI on port 5250), edit the following file $IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf, and add TLSV1_2 to the secure protocol tag as follows: 
<secureProtocol>TLSV1_2</secureProtocol> 
- Save the changes and restart the iTechnology igateway service 

For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows: 
protocol = tlsv12 
- Save the changes and restart the CA Directory 'itechpoz' service

Additional Information

Please refer to the embedding product, in case there are additional settings that would need to be configured on the embedding product side.