Configuring VMware vCenter Server Heartbeat to use only TLSv1.1 and TLSv1.2 (2146352)

Details

This article provides steps to configure VMware vCenter Server Heartbeat components to use only the TLSv1.1 and TLSv1.2 protocols.

Important: The following steps are applicable only to VMware vCenter Server Heartbeat 6.6 Update 2 and above.

Solution

Steps to configure VMware vCenter Server Heartbeat Service to use only TLSv1.1 and TLSv1.2

Run the following steps on all the VMware vCenter Server Heartbeat nodes. 

  1. Shut down the VMware vCenter Server Heartbeat service.
  2. Close the VMware vCenter Server Heartbeat Console if it is open.
  3. Edit the <VMware vCenter Server Heartbeat installation folder>\R2\ssl\client.server.ssl.properties file as shown:

        #SSL Property File used for client server connections
        #Wed Jun 15 04:28:30 PDT 2016
        protocol.exclusions=SSLv3,TLSv1
        use.supported.ciphers=false
        6.6.compatibility.mode=false
        cipher.exclusions=
        use.supported.protocols=true

  4. Start the VMware vCenter Server Heartbeat service.

Steps to configure VMware vCenter Server Heartbeat Console to use only TLSv1.1 and TLSv1.2

Run the following steps on the remote/standalone VMware vCenter Server Heartbeat Console machine: 

  1. Close the VMware vCenter Server Heartbeat Console if it is open.
  2. Edit the <VMware vCenter Server Heartbeat Client Tools installation folder>\R2\ssl\client.server.ssl.properties file as shown:

        #SSL Property File used for client server connections
        #Wed Jun 15 04:28:30 PDT 2016
        protocol.exclusions=SSLv3,TLSv1
        use.supported.ciphers=false
        6.6.compatibility.mode=false
        cipher.exclusions=
        use.supported.protocols=true

Steps to configure VMware vCenter Server Heartbeat WebService to use only TLSv1.1 and TLSv1.2

Run the following steps on all the VMware vCenter Server Heartbeat nodes. 

  1. Edit the <VMware vCenter Server Heartbeat installation folder>\tomcat\apache-tomcat-6.0.32\conf\server.xml file as shown below:

        <Connector port="${hbws.config.local_host_ssl_port}" protocol="HTTP/1.1" SSLEnabled="true"
            maxThreads="150" scheme="https" secure="true"
            clientAuth="false" sslProtocols="TLSv1.1,TLSv1.2"
            keystoreFile="../ssl/NFKeyStore.jks"
            keystorePass="D32g9Z17aB"
            keyAlias="nfhb_private_certificate"/>

  2. Restart the VMware vCenter Server Heartbeat WebService service.

Note: If the vSphere Client Heartbeat plug-in fails to connect to the vCenter Server Heartbeat web services, check whether Internet Explorer is configured to allow TLSv1.1 and TLSv1.2 on the client machine. vSphere Client runs an embedded Internet Explorer version to wrap the Flex plug-in extensions.
To support TLSv1.1 and TLSv1.2:

  • Open Internet Explorer, and navigate to Internet options > Advanced Settings.
  • Check that TLSv1.1 and TLSv1.2 are enabled.
  • Disable the old protocols.
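
Because the same edits have to be repeated on every node and on each Console machine, it helps to audit the edited files against the values listed in this article. The following Python script is an added example, not part of the original VMware article; the function names, the sample inputs and port 8443 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Expected values come from the listings in this article.
REQUIRED_EXCLUSIONS = {"SSLv3", "TLSv1"}
EXPECTED_FLAGS = {"use.supported.ciphers": "false",
                  "6.6.compatibility.mode": "false",
                  "use.supported.protocols": "true"}
ALLOWED_PROTOCOLS = {"TLSv1.1", "TLSv1.2"}

def _csv(value):
    return {v.strip() for v in value.split(",") if v.strip()}

def audit_properties(text):
    """Findings for a client.server.ssl.properties file (empty list = matches)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    missing = REQUIRED_EXCLUSIONS - _csv(props.get("protocol.exclusions", ""))
    findings = [f"protocol.exclusions is missing {p}" for p in sorted(missing)]
    for key, want in EXPECTED_FLAGS.items():
        if props.get(key) != want:
            findings.append(f"{key} is {props.get(key)!r}, article uses {want!r}")
    return findings

def audit_server_xml(text):
    """Findings for every SSL-enabled Connector in a Tomcat server.xml."""
    findings = []
    for conn in ET.fromstring(text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        protos = _csv(conn.get("sslProtocols", ""))
        extra = sorted(protos - ALLOWED_PROTOCOLS)
        if not protos:
            findings.append(f"port {conn.get('port')}: sslProtocols not set")
        elif extra:
            findings.append(f"port {conn.get('port')}: allows {', '.join(extra)}")
    return findings

# Constructed sample input: files left half-edited (TLSv1 still allowed).
SAMPLE_PROPS = "#SSL Property File\nprotocol.exclusions=SSLv3\nuse.supported.ciphers=false\n" \
               "6.6.compatibility.mode=false\ncipher.exclusions=\nuse.supported.protocols=true\n"
SAMPLE_XML = '<Server><Service><Connector port="8443" SSLEnabled="true" ' \
             'sslProtocols="TLSv1,TLSv1.2"/></Service></Server>'

if __name__ == "__main__":
    for finding in audit_properties(SAMPLE_PROPS) + audit_server_xml(SAMPLE_XML):
        print(finding)
```

To check real files, pass their contents to `audit_properties` and `audit_server_xml`; an empty list means the file matches the settings in this article.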
