To configure TLS security for the
ESCWA client:
- Click
This opens the
Enterprise Server Administration Configuration dialog box.
- Click
SERVER SETTINGS to expand the available configuration options.
Note: The following warning is displayed
This endpoint is accessible over the network and is not TLS enabled.
- Check
TLS SETTINGS.
This opens the
TLS Settings dialog box.
- Click
Enable TLS.
- In the
Certificate File field, type the absolute path to your certificate file (.pem).
- In the
Certificate Password field, type your certificate password.
- In the
Keyfile field, type the absolute path to your private keyfile (.pem).
- In the
Keyfile Password field, type your private keyfile password.
- Click
SAVE.
This logs you out of the
ESCWA interface.
- Log back in, and then click
TLS SETTINGS.
- Click
ADVANCED to expand the options available.
- In the
Client Authentication field, select
Accept all clients.
- Check
Honor Server Cipher List.
- In the
Protocols field, type
+ALL.
Note: This supports TLS1.3.
- In the
Cipher Suites field, type
DEFAULT.
- Click
BACK.
- Click
SAVE.
- Logout and restart the
Micro Focus Enterprise Server Common Web Administration service.
- Now access
ESCWA using the URL, or
Common name, used when specifying the certificate being used.
Note: The FireFox browser does not use the Windows certificate store. This means that you need to add the CARoot certificates to
your FireFox store.
You now need to configure
Micro Focus Directory Server (MFDS) to use TLS. You need to modify the
CARootCerts.pem located in your
Visual COBOL bin directory. By default, this is located in
$COBDIR/etc