How do I enable TLSv1.2 on ports 509, 5250 and 8443 and specify a cipherlist?

Document ID : KB000074517
Last Modified Date : 07/07/2018
Show Technical Document Details
How do I enable TLSv1.2 and disable TLSv1.X on ports 509, 5250, and 8443?

509 :  EEM (CA Directory, itechpoz)
5250: EEM GUI
8443:  CA WCC Tomcat port (the default for non-SSL is 8080; the default for SSL is 8443)
CA Embedded Entitlements Manager r12.51 CR05 (
CA Workload Control Center r11.4+
PORT 8443 (WCC)
1. Navigate to the CA_WCC_INSTALL_LOCATION/tomcat/conf directory
2. Edit the server.xml file
3. Look for the sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" parameter
4. Between the parentheses, remove everything except TLSv1.2
5. Save the file
6. Restart the WCC services

PORT 5250 (EEM)
1. Navigate to the IGW_LOC directory
2. Edit the igateway.conf file
3. Look for the <secureProtocol/> tag
4. Make the following edit: <secureProtocol>TLSv1_2</secureProtoco/>
5. Save the file
6. Restart the iGateway service

Ciphers supported by EEM: 

Example from igateway.conf:

PORT 509 (CA Directory) - TLSv1.2 is supported in EEM 12.6 for CA Directory
(This is because CALDAP which is used to communicate between iGateway and CA Directory does not support it in
releases prior to 12.6) 

1. Navigate to the DXHOME/config/ssld directory
2. Edit the itechpoz.dxc file
3. Look for the protocol = tls parameter
4. Make the following edit: protocol = tlsv12
5. Save the file
6. Restart the dxserver (itechpoz service)

The same cipherlist document above can be used.
Example from itechpoz.dxc:

# eiam repository  
set ssl = {  
cert-dir = "config/ssld/personalities"  
ca-file = "config/ssld/itechpoz-trusted.pem"  
protocol = tlsv12  

Additional Information:
Cipher Strings and what they include are in the OpenSSL doc below: