/
Configuring Servers to Support TLS 1.x with EmpowerID

Configuring Servers to Support TLS 1.x with EmpowerID

In order to use Transport Layer Security (TLS) with EmpowerID, you must apply Microsoft patches to the SQL server and client machines, and add registry settings to the EmpowerID server and client machines.



Prerequisites

The .NET Framework version 4.5 or higher must be installed on the EmpowerID server.

To configure the EmpowerID server machine

  1. From the Start menu, open the Registry Editor (regedit).

  2. Expand the Computer node and navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
  3. Right-click the v4.0.30317 key and select New, then DWORD (32-bit) Value.





  4. Set the Name to SchUseStrongCrypto and the Value data to 1.





  5. Navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
  6. Again, right-click the v4.0.30317 key and select New, then DWORD (32-bit) Value, and add the same subkey: 

    • Value name: SchUseStrongCrypto

    • Value data: 1

To configure the SQL Server machine

  1. See the following information from Microsoft:
    https://support.microsoft.com/en-us/help/3135244/tls-1.2-support-for-microsoft-sql-server

  2. From that page, download and install the appropriate patch for your SQL Server version.

To update protocols on the EmpowerID server machine