If your environment includes one or more Platform Services Controller systems, you can use the TLS Configuration utility to change which versions of TLS are supported.
If your environment uses only an embedded Platform Services Controller, you previously completed this task during the vCenter Server process. See Enable or Disable TLS Versions on vCenter Server Systems.
Note: Proceed with this task only after you confirm that each vCenter Server system is running a compatible version of TLS.
As part of the process, you can disable TLS 1.0, and enable TLS 1.1 and TLS 1.2. Or, you can disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2.
Prerequisites
Ensure that the applications, hosts, and services that connect to the Platform Services Controller are eligible or configured to communicate by using a version of TLS that remains enabled. Because the Platform Services Controller handles authentication and certificate management, consider carefully which services might be affected. For services that communicate only using unsupported protocols, connectivity becomes unavailable.
Procedure
- Log in to the Platform Services Controller as a user who can run scripts and go to the directory where the script is located.
| OS | Command |
| --- | --- |
| Windows | `cd %VMWARE_CIS_HOME%\TlsReconfigurator\VcTlsReconfigurator` |
| Linux | `cd /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator` |
- You can perform the task on Platform Services Controller on Windows or on the Platform Services Controller appliance.
- To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.
| OS | Command |
| --- | --- |
| Windows | `directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2` |
| Linux | `directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2` |
- To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.
| OS | Command |
| --- | --- |
| Windows | `directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2` |
| Linux | `directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2` |
- If your environment includes other Platform Services Controller systems, repeat the process.
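To confirm the result, or to check beforehand that a vCenter Server system accepts a version that will remain enabled, you can probe an endpoint once per TLS version and compare the answers with the list passed to `update -p`. The following is an added example, not part of the TLS Configuration utility; the host name `psc.example.test`, the default port 443, and the `TLSv1.0` label are assumptions made for illustration.

```python
import socket
import ssl

# Labels follow the page's TLSv1.1 / TLSv1.2 style; "TLSv1.0" is this example's own label.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def accepts(host, port, name, timeout=5.0):
    """True if host:port completes a handshake restricted to exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE  # so certificate validation is switched off here
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # allow the local OpenSSL to offer TLS 1.0/1.1
        ctx.minimum_version = VERSIONS[name]
        ctx.maximum_version = VERSIONS[name]
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (OSError, ValueError):    # ssl.SSLError is an OSError subclass
        return False

def compare(accepted, enabled):
    """Diff the versions a server accepts against the list given to `update -p`."""
    accepted, enabled = set(accepted), set(enabled)
    return {
        "still_enabled": sorted(accepted - enabled),  # should be off but still answers
        "missing": sorted(enabled - accepted),        # should be on but does not answer
        "ok": accepted == enabled,
    }

def audit(host, enabled, port=443):
    """Probe every version in VERSIONS and compare with the intended configuration."""
    accepted = [v for v in VERSIONS if accepts(host, port, v)]
    return compare(accepted, enabled)

if __name__ == "__main__":
    # Hypothetical host name; the list matches `reconfigureVc update -p TLSv1.2`.
    print(audit("psc.example.test", ["TLSv1.2"]))
```

An unreachable host reports every version as `missing`. If the local OpenSSL build cannot offer TLS 1.0 or TLS 1.1, those probes return False regardless of the server, so repeat the check from a client that still supports them.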