McDewey

Enable TLS TLS 1.2 version or TLS version 1.1 is a requirement for Common Criteria mode. Secure connections using TLS version 1.0 are not permitted after enabling Common Criteria mode. • During establishment of a TLS connection, the extendedKeyUsage extension of the peer certificate is checked for proper values. • The peer certificate should have serverAuth as extendedKeyUsage extension if the peer is a server. • The peer certificate should have clientAuth as extendedKeyUsage extension if the peer is a client. If the extendedKeyUsage extension does not exist in the peer certificate or is not set properly, the connection is closed. To support TLS version 1.2, perform the following: Procedure Step 1 Install Soap UI version 5.2.1. Step 2 If you are running on the Microsoft Windows platform: a) Navigate to C:\Program Files\SmartBear\SoapUI-5.2.1\bin. b) Edit the SoapUI-5.2.1.vmoptions file to add -Dsoapui.https.protocols=TLSv1.2,TLSv1,SSLv3 and save the file. Step 3 If you are running on Linux, edit the bin/soaup.sh file to add JAVA_OPTS="$JAVA_OPTS -Dsoapui.https.protocols=SSLv3,TLSv1.2" and save the file. Step 4 If you are running OSX: a) Navigate to /Applications/SoapUI-{VERSION}.app/Contents. b) Edit the vmoptions.txt file to add -Dsoapui.https.protocols=TLSv1.2,TLSv1,SSLv3 and save the file. Step 5 Restart the SoapUI tool and proceed with AXL testing Configure Common Criteria Mode Use this procedure to configure Common Criteria mode for Unified Communications Manager and IM and Presence Service Service. Cisco's CTL client is no longer supported from Release 14. We recommend that you use the CLI command to switch the Unified Communications Manager server to Mixed Mode instead of the Cisco CTL Plugin. Note Procedure Step 1 Log in to the Command Line Interface prompt. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 253 Advanced System Security Enable TLS