To configure TLS security for the
ESCWA client:
- Click
This opens the
Enterprise Server Administration Configuration dialog box.
- Click
SERVER SETTINGS to expand the available configuration options.
Note: The following warning is displayed
This endpoint is accessible over the network and is not TLS enabled.
- Check
TLS SETTINGS.
This opens the
TLS Settings dialog box.
- Click
Enable TLS.
- In the
Certificate File field, type the absolute path to your certificate file.
- In the
Certificate Password field, type your certificate password.
- In the
Keyfile field, type the absolute path to your private keyfile.
- In the
Keyfile Password field, type your private keyfile password.
- Click
APPLY.
This logs you out of the
ESCWA interface.
- Log back in, and then click
TLS SETTINGS.
- Click
ADVANCED to expand the options available.
- In the
Client Authentication field, select
Accept all clients.
- Check
Honor Server Cipher List.
- In the
Protocols field, type the TLS protocol string. For example, to only enable TLS 1.2 and 1.3 type
-ALL+TLS1.2+TLS1.3. See
Server Settings for more information.
Note: This supports TLS1.3.
- In the
Cipher Suites field, type the Cipher Suites string. For example, to only enable best-in-class cipher suites for TLS 1.2 type
ALL:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256
See
Server Settings for more information.
- Click
APPLY.
- Click
BACK.
- Logout and restart the
Micro Focus Enterprise Server Common Web Administration service.
- Now access
ESCWA using a URL which includes https and an IP address or hostname which matches the Common Name (CN) or Subject Alternative
Name (SAN) on your server certificate.
Your browser must trust the Certificate Authority (CA) used to sign the certificate being added in the above steps.
Note: The FireFox browser does not use the Windows certificate store. This means that you need to add the root CA certificate to
your FireFox store.
You now need to configure
Micro Focus Directory Server (MFDS) to use TLS. You need to modify the
CARootCerts.pem located in your
Visual COBOL bin directory. By default, this is located in
$COBDIR/etc