Imagicle Application Suite rel. Spring 2018.3.1 and above
This how-to explains the necessary steps (with all external download links) to prepare the Imagicle server to support TLS protocol version 1.2 and enable it on the Application Suite.
Please, notice that the secure connection to SQL Server is not mandatory. However, it is recommended (for security reasons) if the SQL server is running on a different server.
TLS 1.2 is supported by IAS rel. Spring 2018.3.1 or above.
To update Imagicle Application Suite please refer to our online admin guides.
If IAS ver. is 2020.Winter.1 or above, then Windows registry modifications are not required.
It is mandatory to install specific updates onto Microsoft® Windows Server® before applying any further step.
Updates can be easily applied by running a Windows Update cycle, or by manually installing the following single hotfixes:
More info at the following link: KB4076494
After updating Microsoft® Windows Server® perform a reboot.
On the Microsoft® Windows Server® which hosts the Imagicle Application Suite, several Registry keys need to be modified in order to enable TLS 1.2, while disabling any weaker cryptographic protocol.
An easy and intuitive tool that automate the complex editing is currently available for download:
Once you downloaded IISCrypto tool, launch it and apply the following configurations:
More info on how IISCrypto tool works at the following link:
NOTE: If IAS is ver. 2020.Winter.1 or above, please skip this paragraph.
To enable TLS 1.2 support for .NET Framework, 4 additional Registry keys must be added to the Microsoft® Windows Server® which hosts the Imagicle Application Suite:
You can use the attached file to merge the mentioned registry keys very quickly.
Once applied, perform a system reboot.
To enable TLS 1.2, the minimum required database version is Microsoft® SQL Server® Express 2008 R2 SP3, while the SQL Express included up to ApplicationsSuite Spring 2019 Imagicle Installation Package is version 2008 R2 SP2. This means that, if you are relying on that setup, you will need to upgrade from the version 2008 R2 SP2 to SP3. Starting from Imagicle ApplicationSuite Summer 2019 the shipped version is Microsoft® SQL Server® Express 2017 which natively supports TLS 1.2 and does not require any additional installation.
More info at the following link: KB3135244
To upgrade from Microsoft® SQL Server® Express 2008 R2 SP2 installed on IAS to Microsoft® SQL Server® Express 2008 R2 SP3:
If you want to use a secure connection to SQL Server (not mandatory for this procedure), a valid certificate must be used by SQL Server.
If you already have a trusted certificate for the Imagicle Server please skip this session. Otherwise you can build a self-signed certificate suitable for a SQL Server in a lab/test environment, by following this procedure:
makecert -r -pe -n "CN=MININT-Q99PLQN.fareast.corp.microsoft.com" -b 10/16/2015 -e 12/01/2020 -eku 126.96.36.199.188.8.131.52.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -a sha256
Following mandatory requirements of SQL certificate:
Import must be done on the machine where SQL Server instance is installed.
See this link for additional information.
Please notice that these requirements do not apply if you're going to establish a plain (unsecure) connection to SQL Server.
Also ensure the following:
To allow encrypted connections to SQL Server, you must configure a certificate. This is accomplished in two different ways:
Secure connection to SQL server is not mandatory for TLS setup. However, it is reccomended, for secutity reasons, when SQL server runs on a different server.
If you want to use a secure connection to the SQL Server, run the Imagicle AS Database Configuration tool (from Start Menu/Imagicle Application Suite), then select the “Use secure connection” checkbox and complete the procedure following the configuration wizard’s instructions.
If an external SQL Server is used, the FQDN must be entered in the SQL Server location
Regardless you are using or not a secure connection to SQL, you need to increase the SQL client version used by the Imagicle services to connect to the database:
In case of an HA environment, ensure all servers have all cluster certificates imported.