If your environment includes one or more Platform Services Controller systems, you can use the TLS Configuration utility to change which versions of TLS are supported.
If your environment uses only an embedded Platform Services Controller, you do not have to perform this task.
Proceed with this task only after you confirm that each vCenter Server system is running a compatible version of TLS. If instances of vCenter Server 6.0.x or 5.5.x are connected to the vCenter Server, those instances stop communicating with the Platform Services Controller if you disable TLS versions.
You can disable TLS 1.0 and TLS 1.1 and leave TLS 1.2 enabled, or you can disable only TLS 1.0 and leave TLS 1.1 and TLS 1.2 enabled.
Ensure that the hosts and services that the Platform Services Controller connects to can communicate using a supported protocol. Because authentication and certificate management is handled by the Platform Services Controller, consider carefully which services might be affected. For services that communicate only using unsupported protocols, connectivity becomes unavailable.
- Log in to the Platform Services Controller as a user who can run scripts and go to the directory where the script is located.
cd C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator
- You can perform the task on Platform Services Controller on Windows or on the Platform Services Controller appliance.
To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.
directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2
directory_path\VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2
To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.
directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2
directory_path\VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2
- If your environment includes other Platform Services Controller systems, repeat the process.