Configuring Engineering Lifecycle Management instance for TLSv1.2
You can enable the TLSv1.2 or only TLSv1.3 to secure the Engineering Lifecycle Management server and configure the Engineering Lifecycle Management server. Complete the following steps to configure Engineering Lifecycle Management instance with TLSv1.2 or only TLSv1.3.
About this task
Note: TLSv1.3 is enabled by default for the embedded IBM® WebSphere® Liberty server. Hence, no additional
configuration is required to enable TLSv1.3 for the embedded IBM WebSphere Liberty server
Procedure
- Create an SSL configuration JSON file name as appconfig
and save it on your computer. The following code block provides an example of the application
configuration definition JSON file with only TLSv1.3.
{ "common": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "appSpecific": { "JTS": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "QM": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "RM": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "CCM": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "GC": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "DCC": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "ENI": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "RB": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "LQE": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "LDX": { "security": { "SSL_PROTOCOL": "TLSv1.3", "SSL_CIPHERS": "CIPHER1 CIPHER2" } }, "JAS": { "security": { "SSL_PROTOCOL": "TLSv1.3" } } } }- common > security > SSL_PROTOCOL
-
(Optional) The common SSL protocol applied for all Engineering Lifecycle Management applications. Supported values are
- TLSv1.2
- TLSv1.2-strict
- TLSv1.3
- TLSv1.2,TLSv1.3 (Default value)
- common > security > SSL_CIPHERS
- (Optional) Define the list of ciphers that you applied for all Engineering Lifecycle Management applications.
- appSpecific >{app name}> security >SSL_PROTOCOL
-
(Optional) The common SSL protocol you would like to apply for all Engineering Lifecycle Management applications. Supported values are
- TLSv1.2
- TLSv1.2-strict
- TLSv1.3
- TLSv1.2,TLSv1.3 (Default value)
- appSpecific >{app name}> security >SSL_CIPHERS IDER_USERID
- (Optional) Define the list of ciphers that you would like to apply for all Engineering Lifecycle Management applications. Note: This value would override the common security SSL_CIPHERS value for the specified application
- Create the configmap by using the following methods. It
creates the user defined
configmap. Exampleelm-application-configin the project.Red Hat Openshift Container Platform web console- Go to Workloads > ConfigMaps.
- Select Create configmap on the upper right of the page.
- To continue by using the Form view
- Enter the configmap contents: name:elm-application-config
- Add the key appconfig and for value, browse local
jsonfile to upload. - Click on Create.
Command for Red Hat Openshift CLI
Command for Kubernetes CLIoc create configmap elm-application-config --from-file=<folder-path>/appconfigkubectl create configmap elm-application-config --from-file=<folder-path>/appconfig - Define the configmap name in Engineering Lifecycle Management
instance yaml with following specification: appConfigName
Configmap name created in step
2
For more information, see Template and sample YAML of ConfigMapapponfigName: <config-map-name>