If your environment includes one or more Platform Services Controller systems, you can use the TLS Configuration utility to change which versions of TLS are supported.

Before you begin

Ensure that the hosts and services that the Platform Services Controller connects to can communicate using a supported protocol. Because authentication and certificate management is handled by the Platform Services Controller, consider carefully which services might be affected. For services that communicate only using unsupported protocols, connectivity becomes unavailable.

About this task

If your environment uses only an embedded Platform Services Controller, you do not have to perform this task.

Note:

Proceed with this task only after you confirm that each vCenter Server system is running a compatible version of TLS. If instances of vCenter Server 6.0.x or 5.5.x are connected to the vCenter Server, those instances stop communicating with the Platform Services Controller if you disable TLS versions.

You can disable TLS 1.0 and TLS 1.1 and leave TLS 1.2 enabled, or you can disable only TLS 1.0 and leave TLS 1.1 and TLS 1.2 enabled.

Procedure

  1. Log in to the Platform Services Controller as a user who can run scripts and go to the directory where the script is located.

    OS

    Command

    Windows

    cd C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator

    Linux

    cd /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator

  2. You can perform the task on Platform Services Controller on Windows or on the Platform Services Controller appliance.
    • To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.

      OS

      Command

      Windows

      directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2

      Linux

      directory_path\VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2
    • To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.

      OS

      Command

      Windows

      directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2

      Linux

      directory_path\VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2
  3. If your environment includes other Platform Services Controller systems, repeat the process.