Preventive Service Planning
Abstract
This technical note includes configuration steps to enable TLS v1.1 on IBM® Cloud Orchestrator V2.4.0.3 and V2.4.0.4.
Content
Steps to enable TLS V1.1 support on IBM Cloud Orchestrator V2.4.0.4 and V2.4.0.3:
1. Contact IBM Support for the following LA fixes:
- For IBM Cloud Orchestrator V2.4.0.4, apply IBM Cloud Orchestrator V2.4.0.4 LA01
- For IBM Cloud Orchestrator V2.4.0.3, apply IBM Cloud Orchestrator V2.4.0.3 LA09
- a. Perform the following steps to update the jetty.xml file:
- i) Run cp /opt/ibm/ccs/scui/etc/jetty.xml /opt/ibm/ccs/scui/etc/jetty.xml.bak command.
ii) Run vim /opt/ibm/ccs/scui/etc/jetty.xml command.
iii) Add the line <Set name='Protocol'>TLSv1.1</Set> within the following element:
<New class='org.eclipse.jetty.http.ssl.SslContextFactory' id='sslContextFactory'>
</New>
- i) Run cp /opt/IBM/HTTPServer/conf/httpd.conf /opt/IBM/HTTPServer/conf/httpd.conf.bak command.
ii) Run vim /opt/IBM/HTTPServer/conf/httpd.conf command.
iii) Replace the SSLProtocolDisable SSLv3 SSLv2line with the following lines:
- +SSLFIPSEnable
+SSLProtocolEnable TLSv11
+SSLProtocolDisable SSLv2 SSLv3 TLSv1
- a. Log in to the WebSphere Application Server Integrated Solutions Console.
b. Click Security > SSL certificate and key management.
c. In the Related Items section, click SSL configurations. For example, CellDefaultSSLSettings, NodeDefaultSSLSettings, and XDADefaultSSLSettings.
d. Select the SSL Configuration that is described in the previous step, and click Additional Properties > Quality of protection (QoP) settings.
e. In the Quality of protection (QoP) settings panel, select SSL_TLSv2 from the Protocol drop-down list.
f. Click Apply and Save.
g. Perform the following steps to update the com.ibm.ssl.protocol property in the ssl.client.props file:
i) Edit the ssl.client.props file and set the com.ibm.ssl.protocol value to SSL_TLSv2.
ii) Update both the <WAS_directory>/Node1Profile/properties/ssl.client.props and <WAS_directory>/DmgrProfile/properties/ssl.client.props files.
Note : Business Process Designer does not work after you complete the configuration steps, so change the ssl.client.props file on the local machine within the process designer path to SSL_TLSv2.
[{"Product":{"code":"SS4KMC","label":"IBM SmartCloud Orchestrator"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General Information","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"2.4.0.3;2.4.0.4","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg2C1000199