Does ADManager Plus support TLS v1.2 protocol?

Yes, ADManager Plus supports TLS v1.2. The product can be configured to use only this protocol by following the steps mentioned below. Before you proceed, please enable SSL and apply an SSL certificate in ADManager Plus as explained in this article.

Steps to make ADManager Plus to use only TLS v1.2

The steps will vary based on the database you are using for ADManager Plus.

- For PostgreSQL database

• Stop ADManager Plus.
• In <installation_dir>/conf/server.xml, change the Value of sslEnabledProtocols' in Connector tag to TLSv1.2
• In /conf/wrapper.conf, modify:
  wrapper.java.additional.xx=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 to
  wrapper.java.additional.xx=-Dhttps.protocols=TLSv1.2
  

  Note: xx can be any integer; do not change it.

• Restart ADManager Plus.

- For MS SQL database

Before you proceed, check if your current installation of MS SQL Server supports TLS v1.2. If not, update your instance with the service pack from here.

1. Stop ADManager Plus.
2. Configure the logon credentials for SQL Server service with Admin account.
3. Generate a certificate using IIS Manager, by following these steps:
   • Open IIS Manager in the Server where MS SQL is installed (type 'inetmgr' in Run window).
   • Select "Server Certificates".
   • Select "Create Self-Signed Certificate" on the Actions window.
   • Provide a "Friendly Name" for the Certificate, and let the Certificate Store be "Personal"strong>.
   • Once done, the Certificate will be installed in Personal Certificate Store and will be available in the SQL Server Configuration Manager for Certificate Association.
4. Associate the Certificate with your SQL Server.

   Please note that to associate an SSL certificate to MS SQL server, the certificate should have been imported to Personal Certificate Store.

   Steps to import the certificate to Personal Certificate Store

   • If Self Signed Certificate is created through IIS, then it is automatically imported. If not, it should be imported using the following steps.
     • Open IIS Manager(Run command: inetmgr).
     • Select Server Certificatesstrong>.
     • Select importstrong> from Actions window.
     • Browse the *.pfx file generated(Certificate should have been associated with private key) generated.
   • Open SQL Server Configuration Manager.strong>
   • Select SQL Server Network Configuration.strong>
   • Right click on Protocols and select Properties, for the instance that you want to associate the certificate.
   • In Flags tab, select Force Encryptionstrong> to YES.
   • In Certificate Tab, select the Certificate using the Drop Down.
   • Changes will be reflected, only when the Service is restarted. So restart the SQL Serverstrong> service.
5. A new parameter, ssl=require/authenticate, should be added in the <installation_dir>/conf/database_params.conf file.
   Change 'url=jdbc:jtds:sqlserver://<server-name>:1434/DB6653_2;ssl=request' to 'url=jdbc:jtds:sqlserver://<server-name>:1434/DB6653_2;ssl=require/authenticate'
6. Make the following changes in wrapper.conf and server.xml files:

   - In <installation_dir>/conf/wrapper.conf,

   Search for wrapper.java.additional

   • Add "wrapper.java.additional.xx=Djsse.enableCBCProtection=false"
   • Add "wrapper.java.additional.xx=-Djdk.tls.client.protocols=TLSv1.2
   • Change wrapper.java.additional.xx=-Dhttps.protocols=TLSv1 to wrapper.java.additional.xx=-Dhttps.protocols=TLSv1.2

   Note: xx can be any integer; do not change it.

   <installation_dir>/conf/server.xml

   In the Connector tag, remove TLSv1 and TLSv1.1 from sslEnabledProtocols, leaving only TLSv1.2 in the value.

7. Replace jtds-1.3.1.jar
   • Download the JAR from this link: jtds-1.3.1.jar. Replace the downloaded JAR in <installation_dir>/lib.
8. Start ADManager Plus.

If you need further assistance or information, please get in touch with us at support@admanagerplus.com