Configuring TLS for the ESCWA Client

To configure TLS security for the ESCWA client:

  1. Click

    This opens the Enterprise Server Administration Configuration dialog box.

  2. Click SERVER SETTINGS to expand the available configuration options.
    Note: The following warning is displayed: This endpoint is accessible over the network and is not TLS enabled.
  3. Check TLS SETTINGS.

    This opens the TLS Settings dialog box.

  4. Click Enable TLS.
  5. In the Certificate File field, type the absolute path to your certificate file.
  6. In the Certificate Password field, type your certificate password.
  7. In the Keyfile field, type the absolute path to your private keyfile.
  8. In the Keyfile Password field, type your private keyfile password.
  9. Click APPLY.

    This logs you out of the ESCWA interface.

  10. Log back in, and then click TLS SETTINGS.
  11. Click ADVANCED to expand the options available.
  12. In the Client Authentication field, select Accept all clients.
  13. Check Honor Server Cipher List.
  14. In the Protocols field, type the TLS protocol string. For example, to enable only TLS 1.2 and 1.3, type -ALL+TLS1.2+TLS1.3. See Server Settings for more information.
    Note: This supports TLS1.3.
  15. In the Cipher Suites field, type the cipher suites string. For example, to enable only best-in-class cipher suites for TLS 1.2, type ALL:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256

    See Server Settings for more information.

  16. Click APPLY.
  17. Click BACK.
  18. Log out and restart the Micro Focus Enterprise Server Common Web Administration service.
  19. Now access ESCWA using a URL which includes https and an IP address or hostname which matches the Common Name (CN) or Subject Alternative Name (SAN) on your server certificate.

    Your browser must trust the Certificate Authority (CA) used to sign the certificate being added in the above steps.

    Note: The Firefox browser does not use the Windows certificate store. This means that you need to add the root CA certificate to your Firefox store.
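
An added check for the Cipher Suites string in step 15 (example code, not part of the product documentation). It assumes the field uses OpenSSL cipher-list syntax, where a group keyword such as ALL adds every suite it matches, and it reports each token that is not an explicit forward-secret AEAD suite name. The names lint_cipher_string, STRONG_SUITE and GROUP_KEYWORDS are hypothetical.

```python
import re

# The Cipher Suites string from step 15, copied verbatim from the page.
PAGE_STRING = (
    "ALL:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:"
    "DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256"
)

# Explicit TLS 1.2 suite names with ephemeral key exchange and an AEAD cipher.
STRONG_SUITE = re.compile(
    r"^(ECDHE|DHE)-(ECDSA|RSA|DSS)-"
    r"(AES(128|256)-GCM-SHA(256|384)|CHACHA20-POLY1305)$"
)

# OpenSSL keywords that select a whole group of suites rather than one.
GROUP_KEYWORDS = {"ALL", "DEFAULT", "COMPLEMENTOFALL", "COMPLEMENTOFDEFAULT",
                  "HIGH", "MEDIUM", "LOW", "NULL", "eNULL", "aNULL"}


def lint_cipher_string(cipher_string):
    """Return (token, finding) for each token that widens or weakens the list."""
    findings = []
    for raw in re.split(r"[:, ]+", cipher_string.strip()):
        if not raw or raw.startswith("@"):   # @STRENGTH, @SECLEVEL=n add no suites
            continue
        if raw[0] in "!-+":                  # ! and - remove suites, + only reorders
            continue
        if STRONG_SUITE.match(raw):
            continue
        if raw in GROUP_KEYWORDS or "+" in raw:
            findings.append((raw, "group selector: adds every suite it matches"))
        else:
            findings.append((raw, "not a forward-secret AEAD suite name"))
    return findings


if __name__ == "__main__":
    for token, finding in lint_cipher_string(PAGE_STRING):
        print(f"{token}: {finding}")
    # The same list with the leading group keyword removed passes cleanly.
    print(lint_cipher_string(PAGE_STRING.split(":", 1)[1]))
```

Run it against the exact string you intend to paste into the Cipher Suites field, and check the Server Settings documentation for the syntax the field accepts.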

You now need to configure Micro Focus Directory Server (MFDS) to use TLS. To do this, modify the CARootCerts.pem file located in your Visual COBOL bin directory. By default, this is located in %ProgramFiles(x86)%\Micro Focus\Visual COBOL\bin and \bin64 (Windows) or $COBDIR/etc (UNIX).