How to restrict communication to only go over TLS 1.2, on the EEM Application.
Article ID: 144525
Products
SUPPORT AUTOMATION- SERVER; CA Service Desk Manager - Unified Self Service; KNOWLEDGE TOOLS; CA Service Management - Asset Portfolio Management; CA Service Management - Service Desk Manager; CA Workload Automation AE - Business Agents (AutoSys); CA Workload Automation AE - Scheduler (AutoSys); CA Workload Automation Agent; CA Process Automation Base
Issue/Introduction
How to enable/restrict communication to go through TLS 1.2 within the EEM Application, on Port 5250 and Port 509.
Cause
Since TLSv1.0 and TLSv1.1 have been deprecated, this document will assist in enabling communication over TLSv1.2.
Environment
Embedded Entitlements Manager r12.6.x and above.
Resolution
For iGateway (which is the EEM UI on port 5250), edit the following file $IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf, and add TLSV1_2 to the secure protocol tag as follows:
<secureProtocol>TLSV1_2</secureProtocol>
Save the changes and restart the iTechnology igateway service.

For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows:
protocol = tlsv12
Save the changes and restart the CA Directory 'itechpoz' service.
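To confirm the change after both services are restarted, the following added example (not part of the original article or of the EEM product) attempts one handshake per protocol version against ports 5250 and 509 and reports whether only TLS 1.2 is accepted. It assumes the EEM host name is passed on the command line; the function names are illustrative, and a result of "client-unsupported" means the local OpenSSL build cannot offer that version, so the server's behaviour for it remains untested.

```python
import socket
import ssl
import sys

# Ports named in the article: iGateway (EEM UI) and the CA Directory DSA.
EEM_PORTS = {"iGateway": 5250, "CA Directory DSA": 509}
VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def probe(host, port, version, timeout=5.0):
    """Handshake pinned to one version: accepted / rejected / unreachable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # protocol probe only; certificate
    ctx.verify_mode = ssl.CERT_NONE   # validation is out of scope here
    try:
        # Allow the local OpenSSL to offer legacy versions; otherwise the
        # client may refuse TLS 1.0/1.1 itself and mask the server's answer.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "client-unsupported"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    return "accepted"
            except OSError:           # ssl.SSLError, reset, EOF, timeout
                return "rejected"
    except OSError:
        return "unreachable"

def tls12_only(results):
    """True only if TLS 1.2 is accepted and both older versions are refused."""
    return (results.get("TLSv1.2") == "accepted"
            and results.get("TLSv1.0") == "rejected"
            and results.get("TLSv1.1") == "rejected")

def audit(host):
    # Probe both EEM listeners; returns {listener: (results, compliant)}.
    report = {}
    for name, port in EEM_PORTS.items():
        results = {label: probe(host, port, v) for label, v in VERSIONS.items()}
        report[name] = (results, tls12_only(results))
    return report

if __name__ == "__main__":
    for name, (results, ok) in audit(sys.argv[1]).items():
        print(name, results, "TLS 1.2 only" if ok else "CHECK CONFIG")
```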
Additional Information
Please refer to the embedding product in case additional settings need to be configured on the embedding product side.