How to restrict communication to only go over TLS 1.2, on the EEM Application.

Article Id: 144525
Status: Published
Updated On: 06-02-2020 14:18
Products:
SUPPORT AUTOMATION- SERVER , CA Service Desk Manager - Unified Self Service , KNOWLEDGE TOOLS , CA Service Management - Asset Portfolio Management , CA Service Management - Service Desk Manager , CA Workload Automation AE - Business Agents (AutoSys) , CA Workload Automation AE - Scheduler (AutoSys) , CA Workload Automation Agent , CA Process Automation Base
Issue/Introduction:

How to enable/restrict communication to go through TLS 1.2 within the EEM Application, on Port 5250 and Port 509.

Cause:

Since TLSv1.0 and TLSv1.1 has been deprecated, this document will assist in enabling communication over TLSv1.2

Environment:

Embedded Entitlements Manager r12.6.x and above.

Resolution:

For iGateway (which is the EEM UI on port 5250), edit the following file $IGW_LOC/igateway.conf or %IGW_LOC%\igateway.conf, and add TLSV1_2 to the secure protocol tag as follows: 
<secureProtocol>TLSV1_2</secureProtocol> 
- Save the changes and restart the iTechnology igateway service 

For CA Directory (which is the DSA on port 509), edit the following file $DXHOME/config/ssld/itechpoz.dxc or %DXHOME%\config\ssld\itechpoz.dxc, and add tlsv12 to the protocol line as follows: 
protocol = tlsv12 
- Save the changes and restart the CA Directory 'itechpoz' service

Additional Information:

Please refer to the embedding product, in case there are additional settings that would need to be configured on the embedding product side.