Enabling Transport Layer Security for Reverse Proxy

To enable or disable the configuration for Transport Layer Security (TLS) 1.0 or 1.1 on a reverse proxy using the Command Line Interface (CLI), follow the procedures in this article.

Note: This article outlines the procedure for using Docker. If you are operating within a virtual machine, see the legacy material here.

For command descriptions, see the Docker CLI Reference.

Preconditions

Before beginning, the following precondition must be met:

• The Legacy Orchestrator services must be running before enabling or disabling the TLS configuration.

Procedures

Note: Only one value can be entered at a time while executing the command.

To enable TLS version 1 or TLS version 1.1

1. Access socli.

2. Legacy Orchestrator Services must be running.
   a. To enable TLS version 1.0, run the CLI and enter: tls enable value TLSv1
   
   b. To enable TLS version 1.1, run the CLI and enter: tls enable value TLSv1.1
   

3. Restart the Application server to apply the configuration. When the Application server is not running, the following error message will appear:
   

To disable TLS version 1 or TLS version 1.1

1. Access socli.

2. Legacy Orchestrator Services must be running.
   a. To disable TLS version 1.0, run the CLI and enter: tls disable value TLSv1
   
   b. To disable TLS version 1.1, run the CLI and enter: tls disable value TLSv1.1
   

3. Restart the Application server to apply the configuration.

Limitation

TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time.

Consequently, you cannot access the UI device using the reverse proxy by Chrome browser.

Example:

Both TLS 1.0 and TLS 1.1 will be enabled in order to access UI device through reverse proxy by Chrome browser. An error message will appear:

However, you can access UI device through reverse proxy by FireFox browser: