How can I make sure ITPAM is using TLS 1.2 for SOAP calls it makes

Document ID : KB000095143
Last Modified Date : 09/05/2018
Show Technical Document Details
Question:
How can we make sure that ITPAM is using TLS 1.2 for SOAP calls?
Answer:
First,
In order to upgrade to a Java above 1.8 update 161, they must upgrade to CA Process Automation 4.3 SP02 CP02 (just released). Otherwise, they must use a version of Java 1.8 that is update 1.52 or earlier. 

Also, in order to have CA Process Automation communicate using TLSv1.2 an additional line must be added to the c2osvcw.conf file. I assume since you stated that the communication only to the WSDL has been restricted, then they are still using TLSv1.1 for all other communication. 

The line to add is :
wrapper.java.additional.14=-Dhttps.protocols=TLSv1.1,TLSv1.2 

per knowledge article 
https://comm.support.ca.com/kb/ca-process-automation-tlsv12-support/kb000010751

UPDATE:
We have found that SOAP calls will work on TLS with base 4.3 but we still recommend you apply SP2.

Also, there are a few things that had to be changed when modifying this value.
We had to reinstalled the PAM with secure mode and chang the certificate password. 
Then reconfigured the Secure PAM URL in anything pointing to it such as catalog so it used https instead of http