Configuring ciphers for the Control-M Web Server

This procedure describes how to configure ciphers for the Control-M Web Server in zone 1. The Control-M Web Server supports by default the TLSv1.2 SSL protocol. Refer to the manage_webserver utility to allow lower protocol values. The available ciphers for Zone 1 are defined in <EM Home Directory>/ini/ssl_tomcat_ciphers.xml. If you want to use a cipher that is not listed in the file or limit the listed ciphers perform this procedure.

To configure ciphers for the Control-M Web Server:

1. From the Web Server computer, run the following command and verify that the ciphers you want to use exist in the output of the command.

   em openssl ciphers -V

2. Add the new ciphers to the <EM Home Directory>/ini/ssl_tomcat_ciphers.xml file.
3. Add the ciphers to the relevant secured connector, as follows:
   1. Type the following command:

      manage_webserver

   2. Press 1 to display the Tomcat configuration.
   3. Press 3 to display Secure Connector Configuration.
   4. Press 3 to edit the SSL Connector.
   5. Select the connector you want to edit.
4. Copy the list of existing ciphers to an external file and add or remove ciphers as required, as they appear in the <EM Home Directory>/ini/ssl_tomcat_ciphers.xml file.
5. Select 1 and insert the new list of ciphers.
6. From the CCM, recycle the Control-M Web Server.