Secure Database Connection with TLS 1.2


Article ID: 184015

Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

We are in the process of upgrading our existing CA Identity Manager from 12.6.8 to 14.3 with OVA. We heard that 14.3 does not support secure database connection (ODBC) with TLS 1.2. Therefore, we would like you to confirm if this is the case. If not, which kind of secure connection does this version of Identity Manager support?

Environment

Release: 14.3

Component: CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

1) FIPS support is available for new installations of the vApp on VMWare and Azure.

2) The FIPS support is to store application-based passwords in AES256 format.

3) If FIPS mode is enabled, then yes, the DB credentials will be stored in standalone.xml in AES256 format.

4) At the moment, customers can’t change the basic URL for the connector. We have a feature in the backlog which we will ship very soon.


While I cannot provide a way to secure the connection to the database, I can provide a way to get user attribute data encrypted before it is written.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-manager/14-3/how-to-add-attribute-level-encryption-844120.html

Also, as we spoke about, if this does not work for the team you will need to log in to communities and open an idea for this.

After that idea is created, you can reach out to Itamar on communities as he is the product owner.