Enabling Transport Layer Security for Reverse Proxy
  • 19 Dec 2023
  • 1 Minute to read
  • Contributors
  • PDF

Enabling Transport Layer Security for Reverse Proxy

  • PDF

Article summary

Use the Command Line Interface (CLI) of the Appliance Monitor to enable or disable Transport Layer Security (TLS) 1.0 or 1.1 configuration for reverse proxy.

For command descriptions, see the Skylight Appliance Monitor Command Reference. for virtual machine or the Docker CLI Reference for Docker.


Note: This feature is for release 23.12 or later of Skylight orchestrator.

Preconditions

Before beginning, the following precondition(s) must be met:

  • For virtual machines (VM), the Application server must be started before enabling or disabling the TLS configuration.
  • For Docker, the Skylight orchestrator services must be running before enabling or disabling the TLS configuration.

Procedures


Note: Only one value can be entered at a time while executing the command.

To enable TLS version 1 or TLS version 1.1

  1. Access the Appliance Monitor for VM or socli for Docker.

  2. For VM, check Application server. For Docker, Skylight orchestrator Services must be running.
    a. To enable TLS version 1.0, run the CLI and enter: tls enable value TLSv1
    SKD-10006 Enabling TLS on Demand for Reverse Proxy_1.png
    b. To enable TLS version 1.1, run the CLI and enter: tls enable value TLSv1.1
    SKD-10006 Enabling TLS on Demand for Reverse Proxy_2.png

  3. Restart the Application server to apply the configuration. When the Application server is not running, the following error message will appear:
    SKD-10006 Enabling TLS on Demand for Reverse Proxy_3.png

To disable TLS version 1 or TLS version 1.1

  1. Access the Appliance Monitor for VM or socli for Docker.

  2. For VM, check Application server. For Docker, Skylight orchestrator Services must be running.
    a. To disable TLS version 1.0, run the CLI and enter: tls disable value TLSv1
    SKD-10006 Enabling TLS on Demand for Reverse Proxy_4.png
    b. To disable TLS version 1.1, run the CLI and enter: tls disable value TLSv1.1
    SKD-10006 Enabling TLS on Demand for Reverse Proxy_5.png

  3. Restart the Application server to apply the configuration.

Limitation

TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time.

Consequently, you cannot access the UI device using the reverse proxy by Chrome browser.

Example:

Both TLS 1.0 and TLS 1.1 will be enabled in order to access UI device through reverse proxy by Chrome browser. An error message will appear:
SKD-10006 Enabling TLS on Demand for Reverse Proxy_6.png

However, you can access UI device through reverse proxy by FireFox browser:
SKD-10006 Enabling TLS on Demand for Reverse Proxy_7.png

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.