How to enable TLS 1.1 and 1.2 when connecting a DAS with MC
Issue:
How do I enable the DAS to use TLS 1.1 or TLS 1.2 with a Management Console that requires one of these versions?
Solution:
Known security vulnerabilities in older SSL/TLS versions may require the MC to accept only TLS 1.1 or TLS 1.2.
However, the DAS does not enable these newer protocols in its standard configuration, so the DAS-MC ping fails.
An MC whose HTTPS endpoint requires TLS 1.2 can cause this issue. The DAS log then contains the following error (this issue is fixed in 11.2.0.0 and documented in the Release Notes):
The request was aborted: Could not create SSL/TLS secure channel.
To enable TLS 1.1 and TLS 1.2 on the DAS:
- Make sure that the .NET Framework version on the DAS machine supports the required TLS version. See this Microsoft article for details.
- Add the certificate from the Management Console to the Windows certificate store on the DAS machine.
- Enable the TLS protocol on the DAS side so that the DAS uses it. There are two options for doing this:
Option 1.
Open DesktopAutomationServiceControl.exe.config in the Desktop Automation Service installation folder, under DesktopAutomationService\bin.
Add the lines below inside the <configuration>...</configuration> element, after the </appSettings> tag:
<runtime>
  <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
</runtime>
Example of config file after the change:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
  </startup>
  <appSettings>
    <add key="configDirectory" value=""/>
    <add key="version" value="trunk"/>
    <add key="documentationBaseUrl" value=""/>
    <add key="documentationOnlineVersion" value=""/>
    <add key="WebClientServiceName" value="WebClient"/>
    <add key="StartWebClientProcessTimeout" value="6000"/>
  </appSettings>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
  </runtime>
</configuration>
Option 2.
Alternatively, set SchUseStrongCrypto in the registry. Note that this setting is machine-wide: it changes the default protocols for every .NET Framework 4.x application on the DAS machine, not only the DAS, and only processes started after the change pick it up, so restart the DAS afterwards.
Run the following commands on the DAS machine from an elevated command prompt:
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64
reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32
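The following PowerShell script is an added example, not code from the Kofax article or product. It walks through the procedure above on the DAS machine: it checks the installed .NET Framework release, imports the MC certificate, applies Option 1 (config file) and Option 2 (registry), and finally performs a TLS 1.2 handshake against the MC to confirm that the channel can now be established. The installation path, certificate file, MC host and port, and the DAS service name are placeholders assumed for the example; the .NET Release threshold of 378389 (.NET Framework 4.5, the first version that can negotiate TLS 1.1/1.2) is from Microsoft's published release table. Applying both options is not required; one is enough.

```powershell
# Added example (not from the Kofax article). Run in an elevated PowerShell session on the DAS machine.
# Placeholders (assumptions, adjust for your environment):
$DasConfig  = 'C:\Program Files\Kofax RPA\DesktopAutomationService\bin\DesktopAutomationServiceControl.exe.config'
$McCertFile = 'C:\temp\management-console.cer'   # certificate exported from the MC
$McHost     = 'mc.example.com'                   # MC host name (placeholder)
$McPort     = 443                                # MC HTTPS port (placeholder)
$DasService = 'DesktopAutomationService'         # DAS Windows service name (assumed)

# 1. .NET Framework check. Release >= 378389 is .NET 4.5, the first version able to use TLS 1.1/1.2;
#    4.5.x needs the opt-in below, 4.6 and later default to the strong protocols.
function Get-NetFrameworkRelease {
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    (Get-ItemProperty -Path $key -Name Release -ErrorAction Stop).Release
}
$release = Get-NetFrameworkRelease
if ($release -lt 378389) {
    throw ".NET Framework 4.5 or later is required for TLS 1.1/1.2 (Release=$release)"
}

# 2. Trust the MC certificate: import it into the machine-wide Trusted Root store.
Import-Certificate -FilePath $McCertFile -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3a. Option 1: add (or update) <runtime><AppContextSwitchOverrides> in the DAS config. Idempotent.
$switches = 'Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;' +
            'Switch.System.Net.DontEnableSchUseStrongCrypto=false'
[xml]$xml = Get-Content -Path $DasConfig -Raw
$runtime = $xml.configuration.SelectSingleNode('runtime')
if (-not $runtime) {
    $runtime = $xml.CreateElement('runtime')
    $xml.configuration.AppendChild($runtime) | Out-Null   # lands after </appSettings>
}
$override = $runtime.SelectSingleNode('AppContextSwitchOverrides')
if (-not $override) {
    $override = $xml.CreateElement('AppContextSwitchOverrides')
    $runtime.AppendChild($override) | Out-Null
}
$override.SetAttribute('value', $switches)
Copy-Item -Path $DasConfig -Destination "$DasConfig.bak" -Force   # keep a backup of the original
$xml.Save($DasConfig)

# 3b. Option 2: SchUseStrongCrypto=1 in both the 64-bit and the 32-bit (WOW6432Node) registry views,
#     equivalent to the two "reg add" commands above. Machine-wide: affects every .NET 4.x process.
foreach ($view in 'Registry64', 'Registry32') {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
    $key  = $base.CreateSubKey('SOFTWARE\Microsoft\.NETFramework\v4.0.30319')
    $key.SetValue('SchUseStrongCrypto', 1, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

# 4. Both settings are read at process start, so restart the DAS.
Restart-Service -Name $DasService

# 5. Verification: open a TLS 1.2-only handshake to the MC from this machine. Success means the MC
#    accepts TLS 1.2 and its certificate chain validates against the store we just populated;
#    a failure here reproduces the "Could not create SSL/TLS secure channel" condition.
function Test-TlsHandshake {
    param(
        [string]$HostName,
        [int]$Port,
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        # targetHost, no client certs, allowed protocols, check revocation
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $true)
        [pscustomobject]@{
            Protocol = $ssl.SslProtocol
            Cipher   = $ssl.CipherAlgorithm
            Issuer   = $ssl.RemoteCertificate.Issuer
        }
    }
    finally {
        $client.Close()
    }
}
Test-TlsHandshake -HostName $McHost -Port $McPort `
    -Protocol ([System.Security.Authentication.SslProtocols]::Tls12)
```

If step 5 throws an AuthenticationException, the MC certificate is not trusted (check the import in step 2); if it fails with a handshake or connection reset, the MC does not offer TLS 1.2 on that port. Running the check after the restart is what confirms the fix rather than the configuration change alone.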
Level of Complexity
Moderate
Applies to
Product | Version | Build | Environment | Hardware |
---|---|---|---|---|
Kofax RPA | 10.7> | | | |
References
Article # 3035692