Does RecoveryManager Plus support TLS v1.2 protocol?

Does RecoveryManager Plus support TLS v1.2 protocol?

Yes, RecoveryManager Plus supports TLS v1.2. The product can be configured to use only this protocol by following the steps mentioned below. Before you proceed, please enable SSL and apply an SSL certificate in RecoveryManager Plus as explained in this document.

Steps to make RecoveryManager Plus to use only TLS v1.2

RecoveryManager Plus can be configured to use PostgreSQL and MS SQL databases. The steps to enable RecoveryManager Plus to only use TLS v1.2 will vary depending on the database used.

For PostgreSQL database

  1. Stop RecoveryManager Plus.
  2. Navigate to <installation_dir>/conf/ where <installation_dir>/ is the location where RecoveryManager Plus is installed and open the server.xml file.
  3. Change the Value of sslEnabledProtocols in Connector tag to TLSv1.2.
  4. In /conf/wrapper.conf, modify:

wrapper.java.additional.xx=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 to wrapper.java.additional.xx=-Dhttps.protocols=TLSv1.2 

Note: xx can be any integer; do not change it.

  1. Copy the information mentioned below and paste after acceptCount="100" in Connector SSLEnabled 

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 

TLS_RSA_WITH_AES_128_CBC_SHA256, 

TLS_RSA_WITH_AES_128_CBC_SHA, 

TLS_RSA_WITH_AES_256_CBC_SHA256, 

TLS_RSA_WITH_AES_256_CBC_SHA"

  1. Restart RecoveryManager Plus.

For MS SQL database

Before you proceed, check if the current installation of MS SQL Server supports TLS v1.2. If not, update your database with the service pack from here.

  1. Stop RecoveryManager Plus.
  1. Configure the logon credentials for SQL Server service with the admin account.
  1. Generate a certificate using IIS Manager, by following the steps listed below.
  1. Open IIS Manager in the Server where MS SQL is installed (type 'inetmgr' in the Run window).
  2. Select Server Certificates.
  3. Select Create Self-Signed Certificate on the Actions window.
  4. Provide a Friendly Name for the Certificate and let the Certificate Store be Personal"strong.
  1. Once done, the certificate will be installed in the Personal Certificate Store and will be available in the SQL Server Configuration Manager for Certificate Association.
  2. Associate the certificate with your SQL Server.

Note: To associate an SSL certificate to MS SQL server, the certificate should have been imported to Personal Certificate Store.

To import the certificate to Personal Certificate Store,

  1. If Self Signed Certificate is created through IIS, then it is automatically imported. If not, it should be imported using the following steps.
  1. Open IIS Manager (Run command: inetmgr).
  2. Select Server Certificates.
  3. Select Import from the Actions window.
  4. Browse the *.pfx file generated (Certificate should have been associated with private key) generated.
  1. Open SQL Server Configuration Manager.
  2. Select SQL Server Network Configuration.
  3. Right click on Protocols and select Properties for the instance that you want to associate the certificate.
  4. In the Flags tab, select Force Encryption to YES.
  5. In the Certificate Tab, select the certificate using the drop-down.
  6. Changes will be reflected, only when the Service is restarted. So restart the SQL Server service.
  1. Navigate to <installation_dir>/conf/. In the database_params.conf file, change url=jdbc:jtds:sqlserver://<server-name>:1434/DB6653_2;ssl=request to url=jdbc:jtds:sqlserver://<server-name>:1434/DB6653_2;ssl=require/authenticate
  1. Navigate to <installation_dir>/conf/ and open the wrapper.conf file.
  1. Search for wrapper.java.additional
  2. Add wrapper.java.additional.xx=Djsse.enableCBCProtection=false
  3. Add wrapper.java.additional.xx=-Djdk.tls.client.protocols=TLSv1.2
  4. Change wrapper.java.additional.xx=-Dhttps.protocols=TLSv1 to wrapper.java.additional.xx=-Dhttps.protocols=TLSv1.2

Note: xx can be any integer; do not change it.

  1. Navigate to <installation_dir>/conf/ and open the server.xml file. 
  1. In the Connector tag, remove TLSv1 and TLSv1.1 from sslEnabledProtocols, leaving only TLSv1.2 in the value.
  1. Copy the information mentioned below and paste after acceptCount="100" in Connector SSLEnabled.

ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,

TLS_RSA_WITH_AES_128_CBC_SHA256,

TLS_RSA_WITH_AES_128_CBC_SHA,

TLS_RSA_WITH_AES_256_CBC_SHA256,

TLS_RSA_WITH_AES_256_CBC_SHA"

  1. Replace jtds-1.3.1.jar 
  1. Download the JAR from this link. Replace the downloaded JAR file in the <installation_dir>/lib folder.
  1. Start RecoveryManager Plus.

If you need further assistance or information, please get in touch with us at support@recoverymanagerplus.com

Steps to disable older TLS versions in Elasticsearch

  1. Navigate to <installation>\ES\config.
  2. Open elasticsearch.yml file and add the below lines at the end of the file.

searchguard.ssl.http.enabled_protocols:

- "TLSv1.2"

searchguard.ssl.transport.enabled_protocols:

- "TLSv1.2"

  1. Save the file and restart RecoveryManager Plus for the changes to take effect.

 




      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • How to install SSL certificates for RecoveryManager Plus

                      RecoveryManager Plus supports an SSL connection to ensure the security of data transferred between the browser and the product server. Protecting data transferred during remote access requires a secure connection between the web browser and the ...

                    • How to configure backup repositories for your backups in RecoveryManager Plus?

                      RecoveryManager Plus provides support for multiple repositories to store your Active Directory, Entra ID, Microsoft 365, Exchange, Google Workspace, and Zoho WorkDrive backups. This post will explain how you can configure these repositories in ...

                    • How to restore AD groups using RecoveryManager Plus

                      Active Directory (AD) groups play a crucial role in managing user permissions and access control in an organization's network. They enable administrators to efficiently manage user permissions, access control, and resource sharing by grouping users ...

                    • A guide to backing up AD groups using RecoveryManager Plus

                      Active Directory (AD) groups are a fundamental component of AD that enable administrators to organize users and devices into logical units. AD groups streamline permission management and simplify user access to resources like files, folders, and ...

                    • A guide to backing up AD users using RecoveryManager Plus

                      Active Directory (AD) is the foundation of most enterprise networks, providing a central repository for authentication, authorization, and user management. User accounts in AD form the backbone of identity management, enabling secure access to ...

                      Related Products