Issues updating TLS and cipher suites in ADManager Plus

Issue description

You are facing difficulties adding or modifying TLS ciphers in ADManager Plus. This could result in secure communication errors or changes not taking effect.

Possible causes

  1. Unsupported ciphers: The ciphers being added may not be supported by the Java Runtime Environment (JRE) or the server’s operating system.

  2. Incorrect syntax: Errors in the configuration file related to TLS ciphers.

  3. Conflicting settings: Other security configurations may interfere with the TLS cipher setup.

  4. Outdated ADManager Plus version: The application build might not support the required ciphers.

  5. Missing dependencies: Required system components for TLS configuration may not be installed.

Prerequisites  

  • Access to the ADManager Plus server.

  • Administrative privileges to modify the configuration files of the ADManager Plus service.

Resolution

Case 1: Update via UI  

  1. Log in to ADManager Plus as an administrator.

  2. Navigate to the Admin tab.

  3. Under General Settings, click Connection.

  4. Under Advanced Settings, scroll to the TLS and Cipher fields section.

  5. Update the list of cipher suites with the required values.

  6. Click Save Changes and restart the application.

Case 2: Update via configuration file (server.xml)

Step 1: Locate ADManager Plus TLS configuration file   

  1. The configuration file is typically found at:

<Installation Directory>\ManageEngine\ADManager Plus\conf\server.xml

 Step 2: Modify TLS configuration in server.xml   

  1. Open server.xml using a text editor with administrator privileges.

  2. Locate the <Connector> element handling HTTPS traffic (usually on port 443 or 8443).

  3. Ensure the attributes protocol="HTTP/1.1" and SSLEnabled="true" are present.

  4. Add or modify the ciphers attribute with a comma-separated list of supported ciphers at the end of the string.

Example:

<Connector protocol="HTTP/1.1" SSLEnabled="true"
           port="443" scheme="https" secure="true"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384"/>

  5. Ensure the syntax is correct and appears on a single line.

  6. Save the server.xml file.
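The check below can be run against the edited server.xml before the restart to catch the syntax problems listed under possible causes. It is an added example, not ManageEngine code: the sample XML is constructed, and the weak-suite policy and the expectation of TLS_/SSL_ style names (as in the example above) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample with deliberate mistakes: a line break and spaces in the
# list, a duplicate, a stray comma, an OpenSSL-style name, and legacy suites.
SAMPLE_SERVER_XML = """<Server><Service>
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector protocol="HTTP/1.1" SSLEnabled="true" port="443" scheme="https"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,,ECDHE-RSA-AES256-GCM-SHA384,TLS_RSA_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""

# Assumed policy: name fragments of suites that hardening guides usually drop.
WEAK_MARKERS = {
    "TLS_RSA_WITH_": "static RSA key exchange, no forward secrecy",
    "_CBC_": "CBC mode", "3DES": "3DES", "RC4": "RC4", "MD5": "MD5",
    "_NULL_": "no encryption", "_EXPORT": "export grade", "_anon_": "anonymous",
}
JSSE_NAME = re.compile(r"^(TLS|SSL)_[A-Za-z0-9_]+$")


def lint_ciphers(server_xml):
    """Return (suites, findings) for the first Connector with SSLEnabled="true"."""
    root = ET.fromstring(server_xml)  # raises ParseError on malformed XML
    conn = next((c for c in root.iter("Connector")
                 if c.get("SSLEnabled", "").lower() == "true"), None)
    if conn is None:
        return [], ['no Connector with SSLEnabled="true" found']
    raw = conn.get("ciphers")
    if raw is None:
        return [], ["HTTPS Connector has no ciphers attribute"]
    suites, findings = [], []
    if re.search(r"\s", raw):
        findings.append("whitespace or line break inside ciphers value")
    for name in (entry.strip() for entry in raw.split(",")):
        if not name:
            findings.append("empty entry (stray comma)")
        elif name in suites:
            findings.append(f"duplicate: {name}")
        elif not JSSE_NAME.match(name):
            findings.append(f"not a TLS_/SSL_ style name: {name}")
        else:
            suites.append(name)
            findings += [f"weak: {name} ({why})"
                         for marker, why in WEAK_MARKERS.items() if marker in name]
    return suites, findings

if __name__ == "__main__":
    print("\n".join(lint_ciphers(SAMPLE_SERVER_XML)[1]))
```

To check a real file, pass its contents to lint_ciphers(); whether each suite is supported by the bundled JRE still has to be confirmed on the server itself.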

Step 3: Restart ADManager Plus service

  1. Open the Services console by pressing Win + R, typing services.msc, and pressing Enter.

  2. Locate the ManageEngine ADManager Plus service.

  3. Right-click and select Restart.

Tips  

  • Test changes in a non-production environment before applying them to the production ADManager Plus server.

  • Document configured ciphers and the reasons for selecting them for future reference.

  • Enable only strong and secure ciphers, avoiding weaker ones that may be vulnerable to attacks.

  • Use SSL Labs or similar tools to test and verify the security of the TLS configuration.

How to reach support

If the issue persists, contact our support team here
