• Spaces
  • People
  • Help
    • BMC Support Central BMC Community BMC.com
    ×
    BMC TrueSight Capacity Optimization 10.7

    Page tree

    Skip to end of metadata
    Go to start of metadata

    If you do not want to continue with TLS 1.2 communication with server certificate validation between the different product components, you can roll back to the default configuration by disabling TLS 1.2 configuration. 

     

    If you want to disable TLS 1.2 with server certificate validation for the communication channel between Presentation Server and Application Server, see For communication between Application Server and Presentation Server.

    For the other channels, complete the following step to disable TLS 1.2 with server certificate validation:  

    Related topics

    Securing communication between product components using TLS

    TLS considerations for TrueSight Capacity Optimization 

    Navigate to the <Server Installation Directory>/tools directory of the client component that is involved in the communication and run the switchTLSmode.pl script as suggested in the following table:


    Communication channelswitchTLSmode.pl command syntaxClient component

    Internal (Oracle or PostgreSQL) database and Application Server and local ETL Engine Server

    switchTLSmode.pl -off -flow codb
    		Application Server1 and local ETL Engine Server

    External databases and the local or remote ETL Engine Server

    switchTLSmode.pl -off -flow externdaldb

    Local or remote ETL Engine Server

    Among the internal product components

    switchTLSmode.pl -off -flow internal

    		Application Server1 and ETL Engine Server

    Authentication component (Atrium Single Sign-On Server or LDAP Server) and the Application Server

    switchTLSmode.pl -off -flow auth 

    		Application Server

    All the communication channels (Except the one between Application Server and Presentation Server)

    switchTLSmode.pl -off -flow all
    		Application Server, Local and remote ETL Engine Server
    1 - If you have installed the Application Server components on multiple computers, run the command on each computer.

     Click here for switchTLSmode.pl command details

    #Syntax 
switchTLSmode.pl [-h or --help] [ -on|-off ] [ -dbport port ] [ -tspwd ] [-flow internal,auth,codb,externaldb,all]

     

    Parameter reference
    -h or --help: Prints the help for the command.

    -on|off: on option enables TLS mode of communication. off option disables TLS mode of communication.

    -dbport: Provide the port number that is configured for the database communication. (This option is required only when the database port is changed.)

    -tspwd: Provide the truststore password. The default password is: changeit. It is recommended to change this password.

    -flow: Provide the communication channel for which you want to enable or disable TLS 1.2 with server certificate validation based on your value for the -on|off parameter.

    internal: Enables or disables TLS 1.2 with server certificate validation for communication among the internal Capacity Optimization components.

    auth: Enables or disables TLS 1.2 with server certificate validation for communication between the authentication component (Atrium Single Sign-On Server or LDAP server) and Application Server.

    codb: Enables or disables TLS 1.2 with server certificate validation for communication between internal database (Oracle/PostgreSQL) and internal Capacity Optimization components.

    externaldb: Enables or disables TLS 1.2 with server certificate validation for communication between external database and ETL Engine Server.

    all: Enables or disables TLS 1.2 with server certificate validation communication for all the supported channels.

    TLS 1.2 with server certificate validation is now disabled for the selected communication channels. 

    For communication between Application Server and Presentation Server

    Configure the TrueSight Presentation Server to stop using TLS 1.2 with server certificate validation:

    1. Ensure that the TrueSight Presentation Server is running. Run the following command: 

      #Microsoft Windows 
tssh server status


#Unix 
./tssh server status

       

      Important: Ensure that the Presentation Server is running before you proceed.

    2. Modify the tsps.co.conntype property in the Presentation Server. Run the following command:

      #Microsoft Windows 
tssh properties set tsps.co.conntype ssl
 
#Unix 
./tssh properties set tsps.co.conntype ssl

    3. Restart the Presentation Server.

      #Microsoft Windows 
tssh server stop
tssh server start


#Unix 
./tssh server stop
nohup sh tssh server start &

    The TrueSight Presentation Server is configured and stops using the TLS 1.2 protocol with server certificate validation. 

    © Copyright 2005-2021 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.