Question & Answer
Question
How can we change the encryption algorithm of WAS on the MDM and DWC side to TLS1.2?
Answer
Follow the below steps to make the changes.
Contents implemented in WAS on the TWS side.
1. Back up the following files.
<TWS_inst_dir> /WAS/TWSProfile/config/cells/TWSNodeCell/security.xml
2. From the WAS management console, SSL certificate, and key management> SSL configuration
Click on the listed configuration to open (Additional Properties) Quality of Protection (QoP) Settings
Select "TLSv1.2" from the pull-down in the "Protocol" setting.
* How to open the WAS admin console.
https: // <host name>: <adminSecurePort> /ibm/console/logon.jsp
adminsecureport can be confirmed by executing the following shell (bat).
<TWAhome>/wastools/ShowHostProperties.sh(bat)
3.On <TWS_inst_dir> /WAS/TWSProfile/config/cells/TWSNodeCell/security.xml
Confirm that sslProtocol setting is changed to "TLSv1.2".
4.On <TWS_inst_dir> /WAS/TWSProfile/config/cells/TWSNodeCell/security.xml
Search for "com.ibm.ssl.protocol" and change the value to "TLSv1.2"
5.Open <TWS_inst_dir> /WAS/TWSProfile/properties/ssl.client.props and Search for "com.ibm.ssl.protocol" and change to "TLSv1.2"
6. Restart WAS on TWS side
conman stopappserv
conman startappserv
Contents to be implemented in WAS on the TDWC side
1. Back up the following files
<JazzSM_inst_dir>/profile/config/cells/JazzSMNode01Cell/security.xml
2. From the WAS management console, SSL certificate, and key management> SSL configuration
Click on the listed configuration to open (Additional Properties) Quality of Protection (QoP) Settings
Select "TLSv1.2" from the pull-down in the "Protocol" setting.
* How to open WAS admin console (steps for 9.4)
After logging in to DWC, click the WebSphere icon on the upper-right gear icon.
3.On <JazzSM_inst_dir> /profile/config/cells/JazzSMNode01Cell/security.xml
Confirm that sslProtocol setting is changed to "TLSv1.2".
4.Open <JazzSM_inst_dir> /profile/properties/ssl.client.props and
Search for "com.ibm.ssl.protocol" and change to "TLSv1.2"
5.Open <JazzSM_inst_dir> /profile/temp/ssl.client.props and Search for "com.ibm.ssl.protocol" and change to "TLSv1.2"
6. Restart WAS on TDWC side
<TWAUI home> /wastools/stopWAS.sh (bat)
<TWAUI home> /wastools/startWAS.sh (bat)
Set "Use TLS1.2" in the browser security settings.
Product Synonym
TWS; IWS; WA; TDWC
Was this topic helpful?
Document Information
Modified date:
28 June 2023
UID
ibm16379612