-
Title
Password Manager TLS, Cipher Suites and SSL support -
Description
This article outlines Password Manager support for the following:- TLS
- Cipher Suites
- SSL
-
Resolution
TLSAs of version 5.8.2, TLS 1.2 is supported. If Starling 2FA is in use, 1.2 is the minimum requirement.
CIPHER SUITES
Password Manager is not affected by disabling SSL 3.0 and weak ciphers. Password Manager will use the system settings configured on the host where it is installed.
SSL
Password Manager runs on top of IIS and is not dependent on it. Therefore Password Manager will work with either HTTPS or HTTP (SSL or none).
Password Manager optionally allows the use of a custom certificate, which would be added via Certificate Manager on the host. To use any customer certificates, it is configured within the PMAdmin site. This certificate is used to encrypt traffic to and from the Password Manager services (inter-communication).
TROUBLESHOOTING
TLS
For TLS settings and restrictions, please refer to the following KB articles from Microsoft. For support regarding these settings, contact Microsoft for assistance:TLS and SSL ERRORS:
Errors:
".NET Error code 0x800c0019L. The Secure Sockets Layer (SSL) certificate is invalid"
"The page navigation is canceled because the attempt to use SSL has failed."Resolution:
Check the Certificate Revocation List (CRL).Error:
"Error 0x800C0019L when opening Self-Service site from logon screen with SPE link"Resolution:
If the certificate is self-signed, it must be imported into the Trusted Root Certification Authorities in Certificate Manager.Error:
"Error HRESULT: 0x80070520 when adding SSL binding in IIS"Resolution:
Use Certificate Manager to import the certificate: