SOTI Pulse Logo

disabling TLS 1.0

Solved
WT
Warren T
Marston (Holdings) Limited

Hi all.

Just wondering how to effectively to carry out the above? I can't remember what was done to grant TLS connectivity via mobicontrol admin or the server and the majority if not all devices that used TLS 1.0 have been deprecated so we no longer want enrolment/deployment to be able to carry out on TLS 1.0 going forward and certainly want to block TLS 1.0

Is it as simple as just removing / disabling the correct SHA1 certificate from admin? Will that throw up any warnings on the dashboard or is there some functionality required from TLS 1.0 we aren't aware of? Is there any specific ports we may have opened that use TLS 1.0 that can be safely removed?

Mobicontrol server 15.5.1.1010

Thanks

tls mobicontrol security server certificates
a year ago
SOTI MobiControl
ANSWERS
ZC
Zafer Cigdem
a year ago

Hi Warren,

Here is the required TLSs on your servers, based on the device type and OS here: System Requirements (soti.net)

As far as I know, it's enough to disable the TLS from your server side (from regedit or such), and then the device on your field can't use this TLS while communicating with your MobiControl Server(s) any more.

As a best practice, you can get export of your regedit or such before doing any chances on your environment. And just after the change, you can check out the device connectivity, remote control, profile install is working well.

I hope this helps. Thank you

Solution
WT
Warren T
a year ago

Hi Zafer

Excellent thank you sounds nice and simple then!

When I get the opportunity I will lok further into this and try the suggested then we can start to remove any remnants of older devices from the server.

Thank you

ZC
Zafer Cigdem
a year ago

If you face any issue, then you can quickly revert this change back to the original one to not face any downtime on your server :)

I hope somebody from the blog community can verify my above comments as well.

WT
Warren T
a year ago

I have spoken with our IT team who confirmed basically the same, so we will look to do that and test functionality of the server. Thanks again Zafer :)

ZC
Zafer Cigdem
a year ago

Happy to hear that helped, it's a pleasure. Thanks :)

Similar Discussions