Kofax

How to enable TLS 1.1 and 1.2 when connecting a DAS with MC

Article # 3035692 - Page views: 137

Issue: 

How can the DAS be configured to use TLS 1.1 or TLS 1.2 when the Management Console requires one of these versions?

Solution: 

Known security vulnerabilities in older versions of SSL/TLS may require the use of TLS 1.1 or TLS 1.2 on the MC.

However, the DAS may not support these newer protocols in its standard configuration, in which case the DAS-MC ping fails.

 

To enable TLS 1.1 and TLS 1.2 on the DAS:

  1. Make sure that the .NET version on the DAS machine supports the required version of TLS. See this Microsoft article for details.
  2. Add the certificate from the Management Console to the Windows certificate store on the DAS machine.
  3. Enable the TLS protocol so that the DAS uses it. There are two possible options to do this:

Option 1

Open DesktopAutomationServiceControl.exe.config from the Desktop Automation Service installation folder under DesktopAutomationService\bin.
Add the lines below inside the <configuration>...</configuration> element, after the closing </appSettings> tag:

<runtime>
   <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
</runtime>

Example of config file after the change:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
  </startup>
  <appSettings>
    <add key="configDirectory" value=""/>
    <add key="version" value="trunk"/>
    <add key="documentationBaseUrl" value=""/>
    <add key="documentationOnlineVersion" value=""/>
    <add key="WebClientServiceName" value="WebClient"/>
    <add key="StartWebClientProcessTimeout" value="6000"/>
  </appSettings>

  <runtime>
    <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
  </runtime>
</configuration>

 

Option 2

Alternatively, modify the registry. Run the following commands on the DAS machine:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:64

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SchUseStrongCrypto /t REG_DWORD /d 1 /reg:32
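
To confirm which of the two options is actually in place on a DAS machine, the following read-only PowerShell check can be used. It is an added example, not part of the original article or of Kofax tooling; the -ConfigPath parameter is an assumption and must be given the full path to DesktopAutomationServiceControl.exe.config on your installation.

```powershell
# Added example: read-only check of Option 1 and Option 2 from this article.
# -ConfigPath is an assumption: the full path to
# DesktopAutomationServiceControl.exe.config on your DAS machine.
param([Parameter(Mandatory = $true)][string]$ConfigPath)

# Switch names as given in the article; Option 1 needs both set to "false".
$required = @(
    'Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols',
    'Switch.System.Net.DontEnableSchUseStrongCrypto'
)

function Test-AppContextSwitches([string]$Path) {
    [xml]$cfg = Get-Content -LiteralPath $Path -Raw
    # Look for the element where the article places it: configuration/runtime.
    $node = $cfg.SelectSingleNode('/configuration/runtime/AppContextSwitchOverrides')
    if ($null -eq $node) { return $false }
    $switches = @{}
    foreach ($pair in ($node.GetAttribute('value') -split ';')) {
        $name, $val = $pair -split '=', 2
        if ($name.Trim()) { $switches[$name.Trim()] = "$val".Trim() }
    }
    foreach ($name in $required) {
        if ($switches[$name] -ne 'false') { return $false }
    }
    return $true
}

function Get-SchUseStrongCrypto([Microsoft.Win32.RegistryView]$View) {
    # Open the 64-bit or 32-bit view explicitly, matching /reg:64 and /reg:32.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $View)
    try {
        $key = $base.OpenSubKey('SOFTWARE\Microsoft\.NETFramework\v4.0.30319')
        if ($null -eq $key) { return $null }
        try { return $key.GetValue('SchUseStrongCrypto') } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

$option1 = Test-AppContextSwitches -Path $ConfigPath
$reg64   = Get-SchUseStrongCrypto -View Registry64
$reg32   = Get-SchUseStrongCrypto -View Registry32

[pscustomobject]@{
    Option1_ConfigSwitches = $option1
    Option2_Registry64     = $reg64   # expected 1 after the reg add commands
    Option2_Registry32     = $reg32   # expected 1 after the reg add commands
    EitherOptionApplied    = $option1 -or (($reg64 -eq 1) -and ($reg32 -eq 1))
}
```

The script only reports whether the settings are present; a successful DAS-MC ping remains the functional test.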

 

Level of Complexity 

Moderate

 

Applies to  

Product      Version   Build   Environment   Hardware
Kofax RPA    10.7>
