You can add or remove a version of Transport Layer Security (TLS) to access vRealize Business for Cloud.

Prerequisites

Deploy vRealize Business for Cloud and have administrator access.

Procedure

  1. Log into vRealize Business for Cloud by using the system administrator credentials.
  2. Run the monit stop itbm-server command.
  3. Run the monit stop pricing-api command.
  4. To disable TLS 1.0 version, run the following commands:
    1. sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols="TLSv1.1, TLSv1.2"/g' /usr/local/tcserver/vfabric-tc-server-standard/itbm-server/conf/server.xml
    2. sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols=TLSv1.1, TLSv1.2/g' /usr/local/pricing-api/conf/application.properties
  5. If you are using vRealize Business for Cloud 7.1 or earlier versions that is integrated with vRealize Automation, add the following line to disable TLS 1.0:

    Action

    File Location

    -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 \

    • /usr/sbin/itfm-config (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

    • /usr/sbin/itfm-config-unregister (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

    -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

    • /usr/local/tcserver/vfabric-tc-server-standard/itbm-server/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties )

    • /usr/local/tcserver/vfabric-tc-server-standard/itbm-data-collector/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties)

  6. To enable TLS 1.0 version, run the following commands:
    1. sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols=" TLSv1, TLSv1.1, TLSv1.2"/g' /usr/local/tcserver/vfabric-tc-server-standard/itbm-server/conf/server.xml
    2. sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols= TLSv1, TLSv1.1, TLSv1.2/g' /usr/local/pricing-api/conf/application.properties
  7. If you are using vRealize Business for Cloud 7.1 or earlier versions that is integrated with vRealize Automation, remove the following line to enable TLS 1.0:

    Action

    File Location

    -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 \

    • /usr/sbin/itfm-config (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

    • /usr/sbin/itfm-config-unregister (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

    -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

    • /usr/local/tcserver/vfabric-tc-server-standard/itbm-server/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties)

    • /usr/local/tcserver/vfabric-tc-server-standard/itbm-data-collector/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties)

  8. Run the monit start itbm-server command.
  9. Run the monit start pricing-api command.