Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

Chapter 35. Configuring TLS for Identity Management

This document describes how to configure an Identity Management server to require the TLS protocol version 1.2 in Red Hat Enterprise Linux 7.3 and later.

TLS 1.2 is considered more secure than previous versions of TLS. If your IdM server is deployed in an environment with high security requirements, you can configure it to forbid communication using protocols that are less secure than TLS 1.2.

Important

Repeat these steps on every IdM server where you want to use TLS 1.2.

35.1. Configuring the `httpd` Daemon

Open the /etc/httpd/conf.d/nss.conf file, and set the following values for the NSSProtocol and NSSCipherSuite entries:

NSSProtocol TLSv1.2
NSSCipherSuite +ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_256_sha

Alternatively, use the following commands to set the values for you:

# sed -i 's/^NSSProtocol .*/NSSProtocol TLSv1.2/' /etc/httpd/conf.d/nss.conf
# sed -i 's/^NSSCipherSuite .*/NSSCipherSuite +ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_256_sha/' /etc/httpd/conf.d/nss.conf

Restart the httpd daemon:
```
# systemctl restart httpd
```

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Red Hat Training

Chapter 35. Configuring TLS for Identity Management

35.1. Configuring the `httpd` Daemon

Language and Page Formatting Options

Red Hat Training

Chapter 35. Configuring TLS for Identity Management

35.1. Configuring the httpd Daemon

35.1. Configuring the `httpd` Daemon