How to Enable TLS 1.2 with CA EEM 12.6

This article describes how to enable TLS 1.2 with CA Embedded Entitlements Manager (CA EEM) 12.6 Server.
casm171
This article describes how to enable TLS 1.2 with CA Embedded Entitlements Manager (CA EEM) 12.6 Server.
Enable CA SDM with CA EEM 12.6
Enable TLS 1.2 in CA EEM
Perform the following steps:
  1. Log in to CA EEM Server
  2. In a text editor, open the 
    igateway.conf
     file that is at 
    C:\Program Files\CA\SC\iTechnology
  3. In the <
    secureProtocol
    > section, add the following tag:
    <secureProtocol>TLSV1_2</secureProtocol>
  4. Restart CA EEM services.
Enable TLS 1.2 in CA SDM
Perform the following steps:
  1. Log in to CA SDM Server
  2. In a text editor, open the 
    eiam.config
     
    file that is at
     NX_ROOT\pdmconf
  3. In the <
    secureProtocol
    > section, add the following tag:
    <secureProtocol>TLSV1_2</secureProtocol>
  4. Restart CA SDM services.
    Verify that CA SDM and CA EEM are successfully integrated.
Enable CA APM with CA EEM 12.6
Enable TLS 1.2 in CA EEM
Perform the following steps:
  1. Log in to CA EEM Server.
  2. In a text editor, open the 
    igateway.conf
     file that is at 
    C:\Program Files\CA\SC\iTechnology
  3. In the <
    secureProtocol
    > section, add the following tag:
    <secureProtocol>TLSV1_2</secureProtocol>
  4. Restart CA EEM services.
Enable TLS 1.2 in CA APM
Perform the following steps:
  1. Open registry on the server by running the 
    regedit command
     and navigate to 
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  2. Change DWORD Values under Server and Client under TLS 1.2 key:
    DisabledByDefault [Value = 0] 
    Enabled [Value = 1]
  3. Restart CA APM services.
  4. Verify that CA APM and CA EEM are successfully integrated.
Enable CA Service Catalog with CA EEM 12.6
Perform the following steps:
  1. Apply the corresponding SQL Server patch that provides TLS 1.2 support for the SQL Server deployed in your environment. 
  2. Stop the following services:
    1. CA Catalog Service
    2. Accounting
  3. In a text editor, open the 
    viewService.conf
     file that is at 
    C:\Program Files\CA\Service Catalog\View\Conf
  4. In the <# Java Additional Parameters> section, add the following tags at the end:
    wrapper.java.additional.23=-Djdk.tls.client.protocols=TLSv1.2wrapper.java.additional.24=-noverify
     
  5. In the <# Java Additional Parameters> section, comment the following tag:
    wrapper.java.additional.20=-XX:-UseSplitVerifier
     
  6. Restart the following services:
    1. CA Catalog Service
    2. Accounting
Enable Unified Self-Service with CA EEM 12.6
Perform the following steps:
  1. Stop the following services:
    1. CA Unified Self-Service jetty server
    2. CA Unified Self-Service server
  2. Download and install JRE 1.8.0_45 for 64-bit
  3. In a text editor, open the
    Catalina.properties
     file that is at 
    US4SM\OSOP\tomcat-7.0.40\conf
  4. Assign a value to the string:
    Current String 
    org.apache.catalina.startup.ContextConfig.jarsToSkip
    New String
    org.apache.catalina.startup.ContextConfig.jarsToSkip=
    bcprov*.jar
  5. In the 
    wrapper.conf
     file that is at 
    US4SM\OSOP\tomcat-7.0.40\bin
    , add the following tag at the end:
    wrapper.java.additional.28=-Djdk.tls.client.protocols=TLSv1.2
  6. Restart the following services:
    1. CA Unified Self-Service jetty server
    2. CA Unified Self-Service server