In order to utilize communications over TLSv1.2, CA Process Automation must be installed as secure (SSL) using either the self signed certificated or a third party certificate.
If CA Process Automation has been installed as non SSL, then a reinstall will need to be done to enable SSL.
All versions of Java 8 support the TLSv1.2 protocol, but if you are using Java 7 you must minimally use JDK 1.7 update 95.
If you must upgrade your Java version, do this prior to reinstall. If CA Process Automation is already SSL, then you will need to upgrade Java and modify the c2osvcw.conf file located in /PAM/server/c2o/bin folder for Windows, or the c2osvrd.sh located in /usr/local/CA/PAM/server/c2o for Linux. Modify the Java path to reflect the upgraded version.
Additionally in the c2osvcw.conf or c2osvrd.sh file, a new java variable needs to be added.
For a Windows installation, add the line
To the end of the file. Make sure to increment the number (14) appropriately.
A default installation will show the last 3 lines of this file as:
using .14 is appropriate in this case.
For CA Process Automation installed on Linux, make the following change in c2osvrd.sh :
In the section for SVRDEFINES="
The last line of the file section shows
Change this last line to
-Duser.country="US" \ (please note removal of the second double quotation, a space then the backslash)
Then add the following line below that
-Dhttps.protocols="TLSv1.1,TLSv1.2"" (please note two double quotation marks to close the section properly)
The last two lines should look like:
If you are restricting to only TLSv1.2, then the above protocol specifications should only be added as either