Hello all,
I have the script to restore the previous settings and back out the TLS 1.2 script.
I have a question about the sequence of steps... here is my plan...
1. Run the script on the appliance with -r (restore switch)
Does the appliance need to be restarted? Do I need to also run it on the replica?
2. Run the script on Web tiers. (we have internal Prime web servers and external DMZ webtiers)
Do I need to restart bootstrapper or stop/restart services?
Do I need to update webtiers in Ops console?
Do I need to run the script on the internal prime servers?
Any steps I am missing? Or anything else to be aware of?
We are running 8.1 patch14
Thanks
If your production AM and Web Tier are still AM 8.1 SP1 P14, you actually have the option to enforce strict TLS (TLSv1.2 only) on just the Web Tier, but not enforce it on AM 8.1 SP1 (which could break RADIUS, 7.2.x Windows clients and cross realm - refer to Release notes).
For an AM 8.1 SP1 P14 Linux Web Tier, you would need to copy the script from the appliance /opt/rsa/am/utils/webtier_configure_tls12_mode.sh
to Web-Tier machine (<web-tier home>/utils/tools/scripts)
Then:
Change directory to <web-tier home>/utils/tools/scripts
Change file permissions: chmod +x webtier_configure_tls12_mode.sh
Enable TLS 1.2:
Run command ./webtier_configure_tls12_mode.sh --enable
Disable TLS 1.2:
Run command ./webtier_configure_tls12_mode.sh --restore
However, in AM 8.2 the Web Tier strict TLS12 Mode is controlled by the AM Primary or Replica, so you have to enable it on AM and then do a Status Update of the Web Tier through the Operations Console.