The The supports interfacing with the common certificate pool. The certificates used for HTTPS are exported from the database to the local disk space. The EMA TLS profile enables the selection of a certificate from the pool. The All Perspective allows importing of new certificates. EMA provides a tool to support certificate upload. The Certificate Upload tool is available under PKI object (System > Security > PKI). Once this action item is selected, an external window is directed to the Certificate Upload Servlet. Two types of files, p12 and pem, are supported.The also supports SHA-256 for certificate verification. Include Page |
---|
| SBXDOC121:_OneCertificateSupportSBXDOC121: |
---|
| _OneCertificateSupport |
---|
|
Note |
---|
The user may configure up to three client CA certifications (using separate 'set' commands) for an EMA TLS Profile. |
Warning |
---|
PC Java Configuration supports TLS 1.0 only by default. When EmaTlsProfile v1_0 is disabled, the corresponding Java Configuration for TLS support must be enabled. See below example for Windows environment: |
Note |
---|
After configuring servercert and clientCACert in EmaTlsProfile, an appropriate value must be configured for clientAuthMethod in OAM > EMA to enable client SSL verification. |
To enable TLS support in Windows: - Click Start and enter "Java Control Panel" in the Search field.
- Launch the Java Control Panel program.
- From the Java Control Panel, select Advanced tab.
- Check Verify that the "Use TLS 1.1", "Use TLS 1.2", and "Use TLS 1.3" options under Advanced Security Settings section are checked, and click Apply.
- Restart your browser for the changes to take effect.
Include Page |
---|
| SBXDOC121:Beast_AttackSBXDOC121: |
---|
| Beast_Attack |
---|
|
To View Ema TLS ProfileOn the main screen, go to Configuration > System Provisioning > Security Configuration main screen, choose a path:- All > Profiles > Security > Ema TLS Profile
- Configuration > Security Configuration > Ema TLS Profile
- Configuration > Profile Managment > Security Profiles > Ema TLS Profile
The . The Ema TLS Profile window is displayed. Figure 1: Security Configuration - Ema TLS Profile
To Edit Ema TLS ProfileTo edit any of the Ema TLS Profile in the list, click the radio button next to the specific Ema TLS Profile name. The Edit Selected Ema Selected Ema TLS Profile window is displayed below. Figure 2: Security Configuration - Ema TLS Profile Edit Window
Make the required changes and click Save at the right hand bottom of the panel to save the changes made. To Create Ema TLS ProfileTo create a new Ema TLS Profile, click New Ema TLS Profile tab on the Ema TLS Profile List panel. Figure 3: Security Configuration - Ema TLS Profile Fields Image Removed The Create New Ema TLS Profile window is displayed. Info |
---|
| Note |
---|
You can create only one Ema TLS Profile. Once the entry is created, the Image Removed Create New Ema TLS Profile button disappears from the panel. | Figure 4: Security Configuration - To create a new Ema TLS Profile, click New Ema TLS Profile tab on the Ema TLS Profile Create WindowList panel. The Create New Ema TLS Profile window is displayed.
The following fields are displayed:
Table 1: Ema TLS Profile Parameters: Parameter | Description |
---|
Name | Specifies the name of the EMA-TLS profile. | Auth Client | If this field is set to true, the Ema-TLS client is forced to authenticate itself EMA-TLS. The options are: false Falsetrue True (default)
| Server Cert Name | Specifies the name of the server certificate referred by this EMA-TLS profile. | Ocsp Profile Name | Specifies the name of the OCSP profile referred by this TLS profile. | V1_0 | TLS protocol version 1.0. disabled enabled Disabled (default) - Enabled
| V1_1 | TLS protocol version 1.1. disabled Disabled (default)enabled Enabled
| V1_2 | TLS protocol version 1.2. - Disabled
disabled Enabled (default) enabled
| V1_3 | TLS protocol version 1.3. - Disabled
disabled Enabled (default)enabled
|
To Delete Ema TLS ProfileTo delete any of the created Ema TLS Profile, click the radio button next to the specific Ema specific Ema TLS Profile which you want to delete. Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision. Click OK to remove the specific Ema TLS Profile from the list. |