How to restrict communication to only go over TLS 1.2, on the EEM Application.
Article ID: 144525
SUPPORT AUTOMATION- SERVERCA Service Desk Manager - Unified Self ServiceKNOWLEDGE TOOLSCA Service Management - Asset Portfolio ManagementCA Service Management - Service Desk ManagerCA Workload Automation AE - Business Agents (AutoSys)CA Workload Automation AE - Scheduler (AutoSys)CA Workload Automation AgentCA Process Automation Base
How to enable/restrict communication to go through TLS 1.2 within the EEM Application, on Port 5250 and Port 509.
Since TLSv1.0 and TLSv1.1 has been deprecated, this document will assist in enabling communication over TLSv1.2
Embedded Entitlements Manager r12.6.x and above.
For iGateway (which is the EEM UI on port 5250), edit the following file $IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf, and add TLSV1_2 to the secure protocol tag as follows: <secureProtocol>TLSV1_2</secureProtocol> - Save the changes and restart the iTechnology igateway service
For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows: protocol = tlsv12 - Save the changes and restart the CA Directory 'itechpoz' service
Please refer to the embedding product, in case there are additional settings that would need to be configured on the embedding product side.