Verifying the SSL protocol before you deploy a new non-administrative server

Before you can deploy a new non-administrative application server to a horizontal cluster, you must ensure that the SSL protocol is set correctly. You must verify the SSL protocol for the OpenPages application server.

For example, if you are using either the TLSv1.1 or TLSv1.2 protocols, the deployment will fail.

After you complete the configuration, you can change the SSL protocol back to your original selection. But, you cannot use TLSv1.1 or TLSv1.2 during the deployment of the new server.

Procedure

  1. Go to the IBM® WebSphere® Integrated Solutions Console for the OpenPages Deployment Manager server:

    For example, http://<server_name>:<port>/ibm/console

    Where <server_name> is the name of the application server and <port> is the WebSphere port that is assigned during the WebSphere installation. The default port value is 9060.

  2. Log on to the IBM WebSphere Integrated Solutions Console with an administrator account.
  3. Expand Security, and select SSL certificate and key management.
  4. In the Related Items list, click SSL configurations.
  5. Click CellDefaultSSLSettings.
  6. In the Additional Properties list, click Quality of protection (QoP) settings.
  7. In the Protocol box, ensure that you have an option other than TLSv1.1 or TLSv1.2 selected.
    Attention: If TLSv1.1 or TLSv1.2 are selected, deploying a new non-administrative server to your environment will fail.
    1. If either TLSv1.1 or TLSv1.2 are selected, change the value to SSL_TLSv2.
    2. Click Apply, and then click Save.
    3. In the main menu, expand System administration, and click Nodes.
    4. Select the check box for <host>-OPNode1.
    5. Click Full Resynchronize.