To use Transport Layer Security (TLS) with EmpowerID, you must apply Microsoft patches to the SQL Server and client machines, and add registry settings to the EmpowerID server and client machines.
The .NET Framework version 4.5 or higher must be installed on the EmpowerID server.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
This step disables insecure protocols on the EmpowerID server.
If you perform this step before installing the SQL patch, the EmpowerID server machine will no longer be able to communicate with the SQL Server.
Click Apply and restart the EmpowerID server.
On the client machine, download and install the appropriate patch for the Windows 7 or 2012 R2 machine:
https://support.microsoft.com/en-us/help/3080079/update-to-add-rds-support-for-tls-1.1-and-tls-1.2-in-windows-7-or-windows-server-2008-r2
You only need to install this patch on Windows 7 or Windows 2012 R2 client machines from which the user wants to connect remotely using Privileged Session Manager (PSM) to a machine with TLS 1.x.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
If the TLS 1.1, Server, or Client subkeys do not exist under the Protocols key, add them by right-clicking the parent key, selecting New, then Key, and entering the key name.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
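A read-only check of the registry keys listed on this page, added here as an example and not part of the EmpowerID documentation: it reports whether each key exists and which values it currently holds, so the state can be compared before and after the change. The function name Get-TlsRegistryState is hypothetical; the script assumes no particular value names and writes nothing.

```powershell
# Registry keys named on this page, expressed as PowerShell HKLM: paths.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$paths = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    "$schannel\TLS 1.1\Client",
    "$schannel\TLS 1.1\Server",
    "$schannel\TLS 1.2\Client",
    "$schannel\TLS 1.2\Server"
)

# Hypothetical helper: returns one object per key with its existence and
# every value currently stored directly under it. Nothing is modified.
function Get-TlsRegistryState {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing subkey means the setting has not been created yet.
            [pscustomobject]@{ Key = $p; Exists = $false; Values = '' }
            continue
        }

        $key = Get-Item -LiteralPath $p
        $values = foreach ($name in $key.GetValueNames()) {
            # The unnamed default value is reported as "(default)".
            $label = if ($name -eq '') { '(default)' } else { $name }
            '{0}={1}' -f $label, $key.GetValue($name)
        }
        [pscustomobject]@{ Key = $p; Exists = $true; Values = ($values -join '; ') }
    }
}

Get-TlsRegistryState -Path $paths | Format-List
```

Running it on both the EmpowerID server and a client machine, and again after the restart, shows whether the subkeys described above were actually created on each machine.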