Does Exchange Reporter Plus support the TLS v1.2 protocol?

Yes, Exchange Reporter Plus supports TLS v1.2. You can configure Exchange Reporter Plus to use this protocol exclusively by following the steps mentioned below. Please ensure that you have enabled SSL and apply an SSL certificate in Exchange Reporter Plus.

Steps to use only TLS v1.2 in Exchange Reporter Plus

The following steps will vary based on the database you are using for the product.

For PostgreSQL database

• Stop Exchange Reporter Plus.
• In <installation_dir>/conf/server.xml, change the Value of sslEnabledProtocols' in Connector tag to TLSv1.2
• In /conf/wrapper.conf, modify:

  wrapper.java.additional.xx=-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 to

  wrapper.java.additional.xx=-Dhttps.protocols=TLSv1.2

  Note: xx represents any integer; do not change it.

• Restart Exchange Reporter Plus.

For MS SQL database

Before you proceed, check if your current installation of MS SQL Server supports TLS v1.2. If not, update your instance with the service pack here.

1. Stop Exchange Reporter Plus.
2. Configure the logon credentials for SQL Server service with an admin account.
3. Generate a certificate using IIS Manager by following these steps:
   • Open IIS Manager in the server where MS SQL is installed (type 'inetmgr' in Run window).
   • Select Server Certificates.
   • Select Create Self-Signed Certificate on the Actions window.
   • Provide a friendly name for the certificate, and let the Certificate Store be Personal.
   • Once done, the certificate will be installed in Personal Certificate Store and will be available in the SQL Server Configuration Manager for Certificate Association.
4. Associate the certificate with your SQL server.

   Please note that to associate an SSL certificate to the MS SQL server, the certificate needs to be imported to the Personal Certificate Store.

   Steps to import the certificate to the Personal Certificate Store

   • If a Self Signed Certificate is created through IIS, then it is automatically imported. If not, it should be imported using the following steps:
     • Open IIS Manager (Run command: inetmgr).
     • Select Server Certificates.
     • Select import from the Actions window.
     • Browse the *.pfx file generated (certificate should have been associated with the private key).
   • Open SQL Server Configuration Manager.
   • Select SQL Server Network Configuration.
   • Right click Protocols and select Properties for the instance that you want to associate the certificate.
   • In the Flags tab, select Force Encryption to YES.
   • In the Certificate tab, select the certificate using the drop-down.
   • Changes will be reflected only when the service is restarted. So, restart the SQL Server service.
5. A new parameter, ssl=require/authenticate, should be added in the <installation_dir>/conf/database_params.conf file.

   Change 'url=jdbc:jtds:sqlserver://<server-name>:1434/DB6653_2;ssl=request' to 'url=jdbc:jtds:sqlserver://<server-name>:1434/DB6653_2;ssl=require/authenticate'

6. Make the following changes in wrapper.conf and server.xml files:

   - In <installation_dir>/conf/wrapper.conf,

   Search for wrapper.java.additional

   • Add wrapper.java.additional.xx=Djsse.enableCBCProtection=false
   • Add wrapper.java.additional.xx=-Djdk.tls.client.protocols=TLSv1.2
   • Change wrapper.java.additional.xx=-Dhttps.protocols=TLSv1 to wrapper.java.additional.xx=-Dhttps.protocols=TLSv1.2

   Note: xx represents any integer; do not change it.

   <installation_dir>/conf/server.xml

   In the Connector tag, remove TLSv1 and TLSv1.1 from sslEnabledProtocols, leaving only TLSv1.2 in the value.

7. Replace jtds-1.3.1.jar
   • Download the JAR from this link: jtds-1.3.1.jar. Replace the downloaded JAR in <installation_dir>/lib.
8. Start Exchange Reporter Plus.

If you need further assistance or information, please get in touch with us at support@exchangereporterplus.com