How to change to TLS 1.2

Question & Answer

Question

How can we change the encryption algorithm of WAS on the MDM and DWC side to TLS1.2?

Answer

Follow the below steps to make the changes.

Contents implemented in WAS on the TWS side.

1. Back up the following files.

<TWS_inst_dir> /WAS/TWSProfile/config/cells/TWSNodeCell/security.xml

2. From the WAS management console, SSL certificate, and key management> SSL configuration

Click on the listed configuration to open (Additional Properties) Quality of Protection (QoP) Settings

Select "TLSv1.2" from the pull-down in the "Protocol" setting.

* How to open the WAS admin console.

https: // <host name>: <adminSecurePort> /ibm/console/logon.jsp

adminsecureport can be confirmed by executing the following shell (bat).

<TWAhome>/wastools/ShowHostProperties.sh(bat）

3.On <TWS_inst_dir> /WAS/TWSProfile/config/cells/TWSNodeCell/security.xml

Confirm that sslProtocol setting is changed to "TLSv1.2".

4.On <TWS_inst_dir> /WAS/TWSProfile/config/cells/TWSNodeCell/security.xml

Search for "com.ibm.ssl.protocol" and change the value to "TLSv1.2"

5.Open <TWS_inst_dir> /WAS/TWSProfile/properties/ssl.client.props and Search for "com.ibm.ssl.protocol" and change to "TLSv1.2"

6. Restart WAS on TWS side

conman stopappserv

conman startappserv

Contents to be implemented in WAS on the TDWC side

1. Back up the following files

<JazzSM_inst_dir>/profile/config/cells/JazzSMNode01Cell/security.xml

2. From the WAS management console, SSL certificate, and key management> SSL configuration

Click on the listed configuration to open (Additional Properties) Quality of Protection (QoP) Settings

Select "TLSv1.2" from the pull-down in the "Protocol" setting.

* How to open WAS admin console (steps for 9.4)

After logging in to DWC, click the WebSphere icon on the upper-right gear icon.

3.On <JazzSM_inst_dir> /profile/config/cells/JazzSMNode01Cell/security.xml

Confirm that sslProtocol setting is changed to "TLSv1.2".

4.Open <JazzSM_inst_dir> /profile/properties/ssl.client.props and

Search for "com.ibm.ssl.protocol" and change to "TLSv1.2"

5.Open <JazzSM_inst_dir> /profile/temp/ssl.client.props and Search for "com.ibm.ssl.protocol" and change to "TLSv1.2"

6. Restart WAS on TDWC side

<TWAUI home> /wastools/stopWAS.sh (bat)

<TWAUI home> /wastools/startWAS.sh (bat)

Set "Use TLS1.2" in the browser security settings.

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"ARM Category":[{"code":"a8m0z000000br2OAAQ","label":"How To"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Version(s)"}]

Product Synonym

TWS; IWS; WA; TDWC

Was this topic helpful?

Document Information

Modified date:
28 June 2023

UID

ibm16379612

Tips