Query regarding TLS configurations update

Regarding the TLS configuration update, the steps provided in the SailPoint document are not very clear. Can someone explain?

https://community.sailpoint.com/t5/Identity-Security-Cloud-Updates/Action-Required-Update-TLS-Configuration-for-VA-Connectivity/ba-p/277336

Thank you.

Hello @Raghava_S ,

Please go through the document below:

TLS Configuration on Virtual Appliances

Thanks

  1. Identify targeted sources

  2. Better to work with the infra team to update the target system to support the TLS that is mentioned in the doc

  3. Do test connections and aggregations

Hi @Raghava_S ,

SailPoint has enforced stricter TLS and encryption standards following a Java upgrade on the Virtual Appliance. Previously it was accepting old TLS versions which support SHA-1.

Please notify your app owner to check the things below:

  • Use of TLS 1.2 or higher for all connections

  • Replacement of any SHA-1 certificates with SHA-256 or stronger

  • Valid and trusted certificates are installed (including full certificate chain)

  • No reliance on legacy or insecure protocols.

Thank you.

The following will also help you; do the following on the VA to list out sources:

openssl s_client -connect server:port -tls1_2

Thus the above command gives information about TLS?

Yes, it will output the Protocol and Cipher. Then, based on that, you can make a list and pass the info to the infra or IT team to have TLS 1.2 with SHA-256 if it does not have it.
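Building on the `openssl s_client` command in the thread, here is an added example (not from the original posts or from SailPoint's documentation) that reduces the output to one line per source: protocol, cipher, leaf-certificate signature algorithm, and a verdict. The function names, the verdict labels, the `-servername` option and the `openssl x509 -noout -text` step are assumptions added here, and the sample outputs are constructed.

```shell
#!/bin/sh
# tls_report: reads `openssl s_client` output (optionally followed by
# `openssl x509 -noout -text` output) on stdin and prints
#   protocol|cipher|leaf-cert-signature-algorithm|verdict
tls_report() {
  awk '
    function d(s) { return s == "" ? "-" : s }
    /^ *Protocol *:/                    { proto = $NF }
    /^ *Cipher *:/                      { cipher = $NF }
    /Signature Algorithm:/ && sig == "" { sig = $NF }   # first match = leaf cert
    END {
      # A refused TLS 1.2 handshake still prints a Protocol line, but the
      # cipher is reported as 0000 or (NONE).
      if (cipher == "" || cipher == "0000" || cipher == "(NONE)")
        verdict = "NO_TLS12_HANDSHAKE"
      else if (sig == "")
        verdict = "CERT_NOT_READ"
      else if (tolower(sig) ~ /sha1|md5/)
        verdict = "WEAK_CERT_SIGNATURE"
      else
        verdict = "OK"
      printf "%s|%s|%s|%s\n", d(proto), d(cipher), d(sig), verdict
    }'
}

# check_endpoint host:port  (hypothetical helper; needs network access from the VA)
check_endpoint() {
  out=$(openssl s_client -connect "$1" -servername "${1%%:*}" -tls1_2 \
        </dev/null 2>/dev/null) || true
  cert=$(printf '%s\n' "$out" | openssl x509 -noout -text 2>/dev/null) || true
  printf '%s\n%s\n' "$out" "$cert" | tls_report
}

# Constructed sample outputs (trimmed to the lines the parser reads).
sample_ok='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Signature Algorithm: sha256WithRSAEncryption'
sample_sha1='New, TLSv1.2, Cipher is AES256-SHA256
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Signature Algorithm: sha1WithRSAEncryption'
sample_fail='New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1.2
    Cipher    : 0000'

for s in "$sample_ok" "$sample_sha1" "$sample_fail"; do
  printf '%s\n' "$s" | tls_report
done
```

The verdict covers only the leaf certificate's signature; intermediates in the chain need the same check before a source is marked ready.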