Disable SSL and TLS protocols in Service Management
Article ID: 186155
Updated On:
Products
CA Service Management - Service Desk Manager
CA Service Desk Manager
Issue/Introduction
How to disable SSL 2.0 and 3.0 and Use TLS 1.1 (with approved cipher suites) or higher instead.
Environment
Release : 17.0 and later
Component : CA Service Management
Resolution
The process involves modifying the server.xml file that Tomcat uses. You will need to locate the server.xml in these locations:
Baseline Tomcat implementation:
$NX_ROOT\bopcfg\www\CATALINA_BASE\conf
Federated Search:
$NX_ROOT\bopcfg\www\CATALINA_BASE_FS\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_FS\conf
REST Web Services:
$NX_ROOT\bopcfg\www\CATALINA_BASE_REST\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_REST\conf
Support Automation:
$NX_ROOT\bopcfg\www\CATALINA_BASE_SA\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_SA\conf
Visualizer:
$NX_ROOT\bopcfg\www\CATALINA_BASE_VIZ\conf
$NX_ROOT\bopcfg\www\CATALINA_BASE_VIZ\conf
Using the server.xml of SDM tomcat as an example:
1. Locate server.xml in $NX_ROOT\bopcfg\www\CATALINA_BASE\conf and take a backup of the file.
2. Locate the section to configure SSL searching for <Connector port="8443" protocol="HTTP/1.1"
3. Set the following in the connector:
sslProtocols="TLS" SSLEnabled="true" sslEnabledProtocols="TLSv1.1, TLSv1.2"
4. Save Changes
5. Restart SDM Services.
2. Locate the section to configure SSL searching for <Connector port="8443" protocol="HTTP/1.1"
3. Set the following in the connector:
sslProtocols="TLS" SSLEnabled="true" sslEnabledProtocols="TLSv1.1, TLSv1.2"
4. Save Changes
5. Restart SDM Services.
Additional Information
Feedback
Yes
No
Powered by
