Disabling SSLv3 on vCenter Single Sign-On port 7444

Article ID: 324788


Products

VMware vCenter Server

Issue/Introduction

This article provides information on disabling SSLv3 on the vCenter Single Sign-On port 7444.
 
Note: When you upgrade to vCenter Server 6.0 Update 1, the SSLv3 protocol is enabled on the vCenter Single Sign-On port 7444 by default.


Environment

VMware vCenter Server 6.0.x

Resolution

Note: Perform these steps after the upgrade to vCenter Server 6.0 Update 1 is completed on the Platform Services Controller (PSC) machine and all the nodes that are registered to the PSC.
 
To disable SSLv3 on the vCenter Single Sign-On port 7444:
  1. Connect to the PSC machine.
     
  2. Open the server.xml file for vCenter Single Sign-On.

    - Windows default location: C:\ProgramData\VMware\vCenterServer\runtime\VMwareSTSService\conf\

    - vCenter Server Appliance default location: /usr/lib/vmware-sso/vmware-sts/conf/
     
  3. Create a backup of the file.
     
  4. Find this line:

    <Connector SSLEnabled="true">
     
  5. Append this attribute to the line in step 4, inside the Connector tag:

    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"


    Example:

    <Connector SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2">

  6. Save the file.
     
  7. Restart the VMware Security Token Service by running these commands:

    service-control --stop vmware-stsd
    service-control --start vmware-stsd

    Alternatively, you can restart the PSC machine.
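
To confirm the edit from steps 4 and 5 before restarting the service, the following added example (not part of the original article and not VMware code) parses a server.xml and reports every Connector with SSLEnabled="true" that has no sslEnabledProtocols list or still lists an SSL protocol. The sample XML strings are constructed for illustration, and reporting the connector by its port attribute is an assumption about the file's contents.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples (not a real server.xml): the connector before and after step 5.
SAMPLE_BEFORE = '<Server><Service><Connector SSLEnabled="true" port="7444"/></Service></Server>'
SAMPLE_AFTER = ('<Server><Service><Connector SSLEnabled="true" port="7444" '
                'sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/></Service></Server>')


def audit_connectors(xml_text):
    """Return (port, problem) tuples for TLS connectors that do not exclude SSLv3."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").strip().lower() != "true":
            continue  # connector without TLS, not covered by this article
        port = conn.get("port", "unknown")  # assumption: port is set on the element
        protocols = conn.get("sslEnabledProtocols")
        if protocols is None:
            findings.append((port, "sslEnabledProtocols not set"))
            continue
        enabled = [p.strip() for p in protocols.split(",") if p.strip()]
        legacy = [p for p in enabled if p.upper().startswith("SSL")]
        if not enabled:
            findings.append((port, "sslEnabledProtocols is empty"))
        elif legacy:
            findings.append((port, "legacy protocols listed: " + ",".join(legacy)))
    return findings


def main(argv):
    # With a path argument, audit that file; otherwise run on the constructed samples.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            texts = {argv[1]: fh.read()}
    else:
        texts = {"sample-before": SAMPLE_BEFORE, "sample-after": SAMPLE_AFTER}
    status = 0
    for name, text in texts.items():
        for port, problem in audit_connectors(text):
            print(f"{name}: connector port {port}: {problem}")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to server.xml as the only argument; a non-zero exit status means at least one TLS connector still needs the change from step 5.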
