Disable SSL and TLS protocols in Service Management
Article ID: 186155
Updated On:
Products
CA Service Management - Service Desk Manager
CA Service Desk Manager - Unified Self Service
CA Service Desk Manager
Issue/Introduction
How to disable SSL 2.0 and 3.0 and Use TLS 1.1 (with approved cipher suites) or higher instead.
Environment
Release : 17.0 and later
Component : CA Service Management
Resolution
The process involves modifying the server.xml file that Tomcat uses. You will need to locate the server.xml in these locations:
Baseline Tomcat implementation:
$NX_ROOT\bopcfg\www\CATALINA_BASE\conf
Federated Search:
$NX_ROOT\bopcfg\www\CATALINA_BASE_FS\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_FS\conf
REST Web Services:
$NX_ROOT\bopcfg\www\CATALINA_BASE_REST\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_REST\conf
Support Automation:
$NX_ROOT\bopcfg\www\CATALINA_BASE_SA\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_SA\conf
Visualizer:
$NX_ROOT\bopcfg\www\CATALINA_BASE_VIZ\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_VIZ\conf
Using the server.xml defined in USS as an example:
1. Locate server.xml in Tomcat being used by USS (Liferay) and take a backup of the file. The path should be similar to: C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\conf\server.xml
2. Locate the section to configure SSL searching for <Connector port="8443" protocol="HTTP/1.1"
3. Set the following in the connector:
sslProtocols="TLS" SSLEnabled="true" sslEnabledProtocols="TLSv1.1, TLSv1.2"
Example:
4. Save Changes
5. Restart Services.
2. Locate the section to configure SSL searching for <Connector port="8443" protocol="HTTP/1.1"
3. Set the following in the connector:
sslProtocols="TLS" SSLEnabled="true" sslEnabledProtocols="TLSv1.1, TLSv1.2"
Example:
4. Save Changes
5. Restart Services.
Additional Information
How To Configure SSL for Tomcat With Unified Self Service (USS)?
Remediation Steps to Secure CA Service Desk Manager from POODLE Vulnerability (CVE-2014-3566)
https://knowledge.broadcom.com/external/article?articleId=29169
Attachments
Feedback
Yes
No
Powered by
