Start of change

Migrating the DCAS server to use AT-TLS policies

You must migrate DCAS configuration files to use AT-TLS policies.

Complete the following steps to migrate the DCAS server to use AT-TLS policies:
  1. Customize the DCAS server for TLS/SSL. For more information, see Customizing DCAS for TLS/SSL.
  2. Migrate the DCAS configuration file. For more information about DCAS configuration keywords and equivalent AT-TLS policies, see Table 1 and Table 2.
Table 1. Migrating existing DCAS server to use AT-TLS policies
DCAS configuration AT-TLS equivalent statement AT-TLS policy statement
ClientAuth Local1

HandshakeRole ServerWithClientAuth

ClientAuthType Required

TTLSEnvironmentAction

TTLSEnvironmentAction ->
TTLSEnvironmentAdvancedParms
ClientAuth Local2

HandshakeRole ServerWithClientAuth

ClientAuthType SAFCHECK

TTLSEnvironmentAction

TTLSEnvironmentAction ->
TTLSEnvironmentAdvancedParms
IPADDR LocalAddr TTLSRule
KEYRING Keyring

TTLSEnvironmentAction ->
TTLSKeyringParms
LDAPPORT GSK_LDAP_SERVER_PORT

TTLSEnvironmentAction ->
TTLSGskAdvancedParms ->
TTLSGskLdapParms
LDAPSERVER GSK_LDAP_SERVER

TTLSEnvironmentAction ->
TTLSGskAdvancedParms ->
TTLSGskLdapParms
Port LocalPortRange TTLSRule
SAFKEYRING Keyring

TTLSEnvironmentAction ->
TTLSKeyringParms
STASHFILE KeyringStashFile

TTLSEnvironmentAction ->
TTLSKeyringParms
V3CIPHER V3CipherSuites

TTLSEnvironmentAction ->
TTLSCipherParms
Table 2. Migrating existing DCAS server to use AT-TLS policies for V3Cipher
V3CIPHER AT-TLS statement - V3CipherSuites Hexadecimal value
NULL MD5 TLS_RSA_WITH_NULL_MD5 01
NULL SHA TLS_RSA_WITH_NULL_SHA 02
RC4 MD Export TLS_RSA_EXPORT_WITH_RC4_40_MD5 03
RC4 MD5 US TLS_RSA_WITH_RC4_128_MD5 04
RC4 SHA US TLS_RSA_WITH_RC4_128_SHA 05
RC2 MD5 Export TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 06
DES SHA TLS_RSA_WITH_DES_CBC_SHA 09
Triple DES SHA US TLS_RSA_WITH_3DES_EDE_CBC_SHA 0A
Parent topic: Express logon services with the Digital Certificate Access Server
End of change