Steps to enable TLS 1.2 inside CA ACS.
Test these steps in a UAT or other lower environment before applying them to production.
1- Navigate to the ARCOT_HOME/Conf directory
2- Take a backup of acs.ini and store it in a backup directory. Do not keep the backup ini file in the same directory, i.e. conf
3- Open acs.ini
4- Look for the parameters DSSecurityLayer and AHSSecurityLayer
5- The values of these parameters are the enabled protocols
6- Please modify the values to add the required protocol,
7- Please ensure that the values added are exactly as shown in the example above.
8- Save and close acs.ini
9- Restart the ACS and test the connectivity from DS and to AHS.
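The backup and edit steps above can be checked with a short script. This is an added example, not CA tooling: it assumes a Unix-like host and that acs.ini holds "Name=value" lines, and the function names, the OtherSetting key and the OLD_VALUE/NEW_VALUE strings are placeholders, not real acs.ini syntax.

```shell
#!/bin/sh
# Added example, not CA tooling. Assumes acs.ini holds "Name=value" lines.

# backup_acs_ini CONF_DIR BACKUP_DIR: copy acs.ini to an existing BACKUP_DIR,
# refusing a BACKUP_DIR that is CONF_DIR itself or lies below it (step 2).
backup_acs_ini() {
    [ -d "$1" ] && [ -d "$2" ] || return 1
    conf_dir=$(cd "$1" && pwd -P) || return 1
    backup_dir=$(cd "$2" && pwd -P) || return 1
    case "$backup_dir/" in
        "$conf_dir"/*) echo "backup must be outside $conf_dir" >&2; return 2 ;;
    esac
    cp -p "$conf_dir/acs.ini" "$backup_dir/acs.ini.bak" || return 1
    echo "$backup_dir/acs.ini.bak"
}

# show_layers FILE: print the two protocol parameters (steps 4 and 5).
show_layers() {
    grep -E '^[[:space:]]*(DSSecurityLayer|AHSSecurityLayer)[[:space:]]*=' "$1"
}

# only_layers_changed BACKUP EDITED: succeed only when every differing line
# is a DSSecurityLayer or AHSSecurityLayer line; report anything else.
only_layers_changed() {
    stray=$(diff "$1" "$2" | grep '^[<>]' |
        grep -Ev '^[<>][[:space:]]*(DSSecurityLayer|AHSSecurityLayer)[[:space:]]*=' || true)
    [ -z "$stray" ] && return 0
    printf 'unexpected changes:\n%s\n' "$stray" >&2
    return 1
}

# Demo on a constructed acs.ini; keys other than the two parameters and all
# values are placeholders, not real acs.ini content.
work=$(mktemp -d)
mkdir "$work/conf" "$work/backup"
printf '%s\n' 'OtherSetting=PLACEHOLDER' 'DSSecurityLayer=OLD_VALUE' \
    'AHSSecurityLayer=OLD_VALUE' > "$work/conf/acs.ini"
bak=$(backup_acs_ini "$work/conf" "$work/backup")
sed 's/^\(DSSecurityLayer\)=.*/\1=NEW_VALUE/' "$bak" > "$work/conf/acs.ini"
show_layers "$work/conf/acs.ini"
only_layers_changed "$bak" "$work/conf/acs.ini" && echo "only protocol lines changed"
rm -rf "$work"
```

Run only_layers_changed against the backup before restarting the ACS, so an accidental edit elsewhere in acs.ini is caught while the backup is still at hand.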
Warning/Important Note -
If you are disabling any protocol-
Please note that the protocol configuration inside CA ACS is not individual to any DS and a single parameter is used for all DS and connectivity i.e.
This also applies to AHS: a single parameter is used to configure the connectivity protocol for both MC and VISA DS.
This means if one disables a connectivity protocol, say SSLv3, under the parameter DSSecurityLayer then SSLv3 will be disabled for incoming connections from all Directory Servers.
CA recommends adding the latest compatible protocol to the existing set of protocols and only removing a deprecated protocol after confirmation has been received from all Directory Servers that connect to that ACS.