Skip to Main Content
Return to Navigation

Enabling TLS-Only on WebSphere

Transport Layer Security (TLS) protocol is an improvement on the SSL v3 protocol. This section discusses:

Configuring WebSphere for TLS

To enable TLS-only on WebSphere:

  1. Login to ISC (http://host:adminport/ibm/console).

  2. Under the Security menu, select SSL certificate and key management, SSL configurations, NodeDefaultSSLSettings, Quality of protection (QoP) settings.

  3. Change the Protocol value to TLS orTLSv1.

    This ensures that WebSphere server will accept only TLS connections. That is, when the web server acts as a server (inbound) or as client (outbound) the SSL connections will be established through the TLS protocol. When testing from a browser make sure to check the browser settings to initiate TLS handshakes only.

Configuring Browsers for TLS

This section covers steps for configuring TLS on browsers.

Setting Up TLS on Microsoft Internet Explorer

To set up TLS on Internet Explorer:

  1. Launch Internet Explorer.

  2. Select Tools, Internet Options, and select the Advanced tab.

  3. In the Settings box in the Security section, disable Use SSL 3.0 and enableUse TLS 1.0.

  4. Click OK and restart the browser.

Setting Up TLS on Mozilla Firefox

To set up TLS on Firefox:

  1. Launch Firefox.

  2. Select Tools, Options, click the Advanced icon, and select the Encryption tab.

  3. In the Protocols group box, disable Use SSL 3.0 and enableUse TLS 1.0.

  4. Click OK and restart the browser.

Testing TLS

After setting TLS for WebSphere and browsers, the TLS communication can be verified by logging in to the PeopleSoft application through WebSphere’s default SSL port (HTTPS).

For example:

https://<host_name>:<https_port>/<PIA site>/signon.html

You can find the HTTPS port in the WebSphere Administrative Console, by selecting Servers, Application Server, server1, ports. Find the port corresponding to the entry WC_defaulthost_secure.

Configuring Reverse Proxy Servers for TLS

It is strongly recommended to that you access the vendor's documentation of the web server you are using for a reverse proxy server and use their instructions for setting up TLS.