Disabling TLS


If you no longer want the product components to communicate over TLS 1.2 with server certificate validation, you can roll back to the default configuration by disabling the TLS 1.2 configuration.

 

If you want to disable TLS 1.2 with server certificate validation for the communication channel between Presentation Server and Application Server, see For communication between Application Server and Presentation Server.

For the other channels, complete the following step to disable TLS 1.2 with server certificate validation:  

Navigate to the <Server Installation Directory>/tools directory of the client component that is involved in the communication and run the switchTLSmode.pl script as suggested in the following table:


1 - If you have installed the Application Server components on multiple computers, run the command on each computer.

switchTLSmode.pl command details
#Syntax
perl switchTLSmode.pl [-h or --help] [ -on|-off ] [ -dbport port ] [ -tspwd ] [-flow internal,auth,codb,externaldb,all]

 

Parameter reference
-h or --help: Prints the help for the command.

-on|-off: The -on option enables the TLS mode of communication. The -off option disables the TLS mode of communication.

-dbport: Provide the port number that is configured for the database communication. (This option is required only when the database port is changed.)

-tspwd: Provide the truststore password. The default password is changeit. It is recommended that you change this password.

-flow: Provide the communication channel for which you want to enable or disable TLS 1.2 with server certificate validation, based on the value that you chose for the -on|-off parameter.

internal: Enables or disables TLS 1.2 with server certificate validation for communication among the internal Capacity Optimization components.

auth: Enables or disables TLS 1.2 with server certificate validation for communication between the authentication component (Remedy Single Sign-On Server or LDAP server) and Application Server.

codb: Enables or disables TLS 1.2 with server certificate validation for communication between internal database (Oracle/PostgreSQL) and internal Capacity Optimization components.

externaldb: Enables or disables TLS 1.2 with server certificate validation for communication between external database and ETL Engine Server.

all: Enables or disables TLS 1.2 with server certificate validation for communication on all the supported channels.

TLS 1.2 with server certificate validation is now disabled for the selected communication channels. 
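
The following wrapper is an added example, not part of the product or its documentation: it checks a mode, a flow list and an optional database port against the syntax above and prints the resulting switchTLSmode.pl command without running it. It assumes that -flow accepts a comma-separated list and that all is passed on its own; build_switch_cmd and VALID_FLOWS are names chosen for this example.

```shell
#!/bin/sh
# Added example (not BMC code): validate arguments and print, without running,
# a switchTLSmode.pl command line that follows the documented syntax.
# Assumption: -flow takes a comma-separated list of the documented channel names.

VALID_FLOWS="internal auth codb externaldb all"

# build_switch_cmd MODE FLOWS [DBPORT]
# Prints the command on stdout; returns 2 and explains on stderr if input is invalid.
build_switch_cmd() {
    bs_mode=$1; bs_flows=$2; bs_port=${3:-}
    case $bs_mode in
        on|off) ;;
        *) echo "error: mode must be 'on' or 'off'" >&2; return 2 ;;
    esac
    # Only lowercase letters and commas; this also rules out glob characters.
    case $bs_flows in
        ''|*[!a-z,]*|,*|*,|*,,*)
            echo "error: malformed flow list '$bs_flows'" >&2; return 2 ;;
    esac
    bs_count=0; bs_has_all=no
    bs_ifs=$IFS; IFS=,
    for bs_f in $bs_flows; do
        case " $VALID_FLOWS " in
            *" $bs_f "*) ;;
            *) IFS=$bs_ifs; echo "error: unknown flow '$bs_f'" >&2; return 2 ;;
        esac
        [ "$bs_f" = all ] && bs_has_all=yes
        bs_count=$((bs_count + 1))
    done
    IFS=$bs_ifs
    if [ "$bs_has_all" = yes ] && [ "$bs_count" -gt 1 ]; then
        echo "error: 'all' already covers every channel; pass it alone" >&2; return 2
    fi
    bs_cmd="perl switchTLSmode.pl -$bs_mode"
    if [ -n "$bs_port" ]; then
        case $bs_port in
            *[!0-9]*|??????*) echo "error: bad port '$bs_port'" >&2; return 2 ;;
        esac
        if [ "$bs_port" -lt 1 ] || [ "$bs_port" -gt 65535 ]; then
            echo "error: port out of range" >&2; return 2
        fi
        bs_cmd="$bs_cmd -dbport $bs_port"
    fi
    # Turning validation off is a downgrade: leave a line for the change record.
    [ "$bs_mode" = off ] && echo "notice: certificate validation will be disabled for: $bs_flows" >&2
    echo "$bs_cmd -flow $bs_flows"
}

build_switch_cmd off internal,auth   # constructed sample input
```

Review the printed command, then run it from the tools directory on each computer that the procedure above applies to.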

For communication between Application Server and Presentation Server

Configure the TrueSight Presentation Server to stop using TLS 1.2 with server certificate validation:

  1. Ensure that the TrueSight Presentation Server is running. Run the following command: 

    #Microsoft Windows
    tssh server status


    #Unix
    ./tssh server status

     

    Important: Ensure that the Presentation Server is running before you proceed.

  2. Modify the tsps.co.conntype property in the Presentation Server. Run the following command:

    #Microsoft Windows
    tssh properties set tsps.co.conntype ssl

    #Unix
    ./tssh properties set tsps.co.conntype ssl

  3. Restart the Presentation Server.

    #Microsoft Windows
    tssh server stop
    tssh server start


    #Unix
    ./tssh server stop
    nohup sh tssh server start & 

The TrueSight Presentation Server is now configured to stop using the TLS 1.2 protocol with server certificate validation.

 
