Configuring TLS for the ESCWA Client

To configure TLS security for the ESCWA client:

  1. Click

    This opens the Enterprise Server Administration Configuration dialog box.

  2. Click SERVER SETTINGS to expand the available configuration options.
    Note: The following warning is displayed This endpoint is accessible over the network and is not TLS enabled.
  3. Check TLS SETTINGS.

    This opens the TLS Settings dialog box.

  4. Click Enable TLS.
  5. In the Certificate File field, type the absolute path to your certificate file (.pem).
  6. In the Certificate Password field, type your certificate password.
  7. In the Keyfile field, type the absolute path to your private keyfile (.pem).
  8. In the Keyfile Password field, type your private keyfile password.
  9. Click APPLY.

    This logs you out of the ESCWA interface.

  10. Log back in, and then click TLS SETTINGS.
  11. Click ADVANCED to expand the options available.
  12. In the Client Authentication field, select Accept all clients.
  13. Check Honor Server Cipher List.
  14. In the Protocols field, type +ALL.
    Note: This supports TLS1.3.
  15. In the Cipher Suites field, type DEFAULT.
  16. Click APPLY.
  17. Click BACK.
  18. Logout and restart the Micro Focus Enterprise Server Common Web Administration service.
  19. Now access ESCWA using the URL, or Common name, used when specifying the certificate being used.
    Note: The FireFox browser does not use the Windows certificate store. This means that you need to add the CARoot certificates to your FireFox store.

You now need to configure Micro Focus Directory Server (MFDS) to use TLS. You need to modify the CARootCerts.pem located in your Visual COBOL bin directory. By default, this is located in $COBDIR/etc