You can add or remove a version of Transport Layer Security (TLS) to access vRealize Business for Cloud.

Deploy vRealize Business for Cloud and have administrator access.

1

Log into vRealize Business for Cloud by using the system administrator credentials.

2

Run the monit stop itbm-server command.

3

Run the monit stop pricing-api command.

4

To disable TLS 1.0 version, run the following commands:

a

sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols="TLSv1.1, TLSv1.2"/g' /usr/local/tcserver/vfabric-tc-server-standard/itbm-server/conf/server.xml

b

sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols=TLSv1.1, TLSv1.2/g' /usr/local/pricing-api/conf/application.properties

5

If you are using vRealize Business for Cloud 7.1 or earlier versions that is integrated with vRealize Automation, add the following line to disable TLS 1.0:

Action

File Location

-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 \

/usr/sbin/itfm-config (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

/usr/sbin/itfm-config-unregister (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

/usr/local/tcserver/vfabric-tc-server-standard/itbm-server/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties )

/usr/local/tcserver/vfabric-tc-server-standard/itbm-data-collector/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties)

6

To enable TLS 1.0 version, run the following commands:

a

sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols=" TLSv1, TLSv1.1, TLSv1.2"/g' /usr/local/tcserver/vfabric-tc-server-standard/itbm-server/conf/server.xml

b

sed -i 's/sslEnabledProtocols=.*/sslEnabledProtocols= TLSv1, TLSv1.1, TLSv1.2/g' /usr/local/pricing-api/conf/application.properties

7

If you are using vRealize Business for Cloud 7.1 or earlier versions that is integrated with vRealize Automation, remove the following line to enable TLS 1.0:

Action

File Location

-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 \

/usr/sbin/itfm-config (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

/usr/sbin/itfm-config-unregister (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties \)

-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2

/usr/local/tcserver/vfabric-tc-server-standard/itbm-server/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties)

/usr/local/tcserver/vfabric-tc-server-standard/itbm-data-collector/bin/setenv.sh (Below -Dsecurity.properties=$CATALINA_BASE/conf/security.properties)

8

Run the monit start itbm-server command.

9

Run the monit start pricing-api command.