Disabling TLS

If you do not want to continue with TLS 1.2 communication with server certificate validation between the different product components, you can roll back to the default configuration by disabling TLS 1.2 configuration. 

If you want to disable TLS 1.2 with server certificate validation for the communication channel between Presentation Server and Application Server, see For communication between Application Server and Presentation Server.

For the other channels, complete the following step to disable TLS 1.2 with server certificate validation:  

Navigate to the <Server Installation Directory>/tools directory of the client component that is involved in the communication and run the switchTLSmode.pl script as suggested in the following table:


Communication channelswitchTLSmode.pl command syntaxClient component

Internal (Oracle or PostgreSQL) database and Application Server and local ETL Engine Server

switchTLSmode.pl -off -flow codb
Application Server1 and local ETL Engine Server

External databases and the local or remote ETL Engine Server

switchTLSmode.pl -off -flow externdaldb

Local or remote ETL Engine Server

Among the internal product components

switchTLSmode.pl -off -flow internal

Application Server1 and ETL Engine Server

Authentication component (Remedy Single Sign-On Server or LDAP Server) and the Application Server

switchTLSmode.pl -off -flow auth 

Application Server

All the communication channels (Except the one between Application Server and Presentation Server)

switchTLSmode.pl -off -flow all
Application Server, Local and remote ETL Engine Server

1 - If you have installed the Application Server components on multiple computers, run the command on each computer.


 Click here for switchTLSmode.pl command details

#Syntax 
switchTLSmode.pl [-h or --help] [ -on|-off ] [ -dbport port ] [ -tspwd ] [-flow internal,auth,codb,externaldb,all]

Parameter reference
-h or --help: Prints the help for the command.

-on|off: on option enables TLS mode of communication. off option disables TLS mode of communication.

-dbport: Provide the port number that is configured for the database communication. (This option is required only when the database port is changed.)

-tspwd: Provide the truststore password. The default password is: changeit. It is recommended to change this password.

-flow: Provide the communication channel for which you want to enable or disable TLS 1.2 with server certificate validation based on your value for the -on|off parameter.

internal: Enables or disables TLS 1.2 with server certificate validation for communication among the internal Capacity Optimization components.

auth: Enables or disables TLS 1.2 with server certificate validation for communication between the authentication component (Remedy Single Sign-On Server or LDAP server) and Application Server.

codb: Enables or disables TLS 1.2 with server certificate validation for communication between internal database (Oracle/PostgreSQL) and internal Capacity Optimization components.

externaldb: Enables or disables TLS 1.2 with server certificate validation for communication between external database and ETL Engine Server.

all: Enables or disables TLS 1.2 with server certificate validation communication for all the supported channels.

TLS 1.2 with server certificate validation is now disabled for the selected communication channels. 

For communication between Application Server and Presentation Server

Configure the TrueSight Presentation Server to stop using TLS 1.2 with server certificate validation:

  1. Ensure that the TrueSight Presentation Server is running. Run the following command: 

    #Microsoft Windows 
    tssh server status
    
    
    #Unix 
    ./tssh server status

    Important: Ensure that the Presentation Server is running before you proceed.

  2. Modify the tsps.co.conntype property in the Presentation Server. Run the following command:

    #Microsoft Windows 
    tssh properties set tsps.co.conntype ssl
     
    #Unix 
    ./tssh properties set tsps.co.conntype ssl
  3. Restart the Presentation Server.

    #Microsoft Windows 
    tssh server stop
    tssh server start
    
    
    #Unix 
    ./tssh server stop
    nohup sh tssh server start & 

The TrueSight Presentation Server is configured and stops using the TLS 1.2 protocol with server certificate validation. 

Was this page helpful? Yes No Submitting... Thank you

Comments