Configuring connection security options

Last Updated: Feb 14, 2025

Procedure

  1. Navigate to EM > System Configuration > Network Settings > General Settings > Connection Security.
  2. For the system to verify that the subject name and the target host name match in certificates, select Verify Host Name.
  3. To configure TLS for all external media server connections, select Enable TCP TLS Transport.

    This setting does not enable TCP TLS Transport for remote database connections, which step 7 configures separately.

  4. To support real-time certificate revocation, enable Online Certificate Status Protocol (OCSP) on TLS connections: select Enable OCSP and configure the following OCSP options:
    1. Configure the timeout interval for OCSP query responses in the OCSP Response Timeout (ms) field.
    2. To allow TLS connections even if no OCSP response is received, select OCSP Permit if no Response.
    3. Use synchronous OCSP queries by selecting Enable OCSP Synchronous Mode.
  5. To allow either side of a TLS connection to change the parameters of the established secure session, select TCP TLS Session Renegotiation Enable.
  6. To configure the number of minutes between TLS renegotiations, set TCP TLS Session Renegotiation Timer (min).
  7. To specify that the connections from other media servers or remote element managers must use a secure TLS connection to the media server database, select Use TCP TLS Transport for Remote Database Connections.
  8. To modify the minimum TLS version used, set Minimum TLS Version accordingly. By default, it is set to TLSv1.3, which allows TLSv1.3 only. Set it to TLSv1.2 to support TLSv1.2 or TLSv1.3.
  9. Click Save.
  10. Restart the Linux server for the changes to take effect.
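
After the restart, the Minimum TLS Version setting from step 8 can be checked from a client host. The Python probe below is an added example, not part of the product or its documentation: it attempts one handshake pinned to each TLS version and compares the results with what the configured minimum implies. The host, port and CA file are site-specific arguments that this page does not define.

```python
import socket
import ssl
import sys

VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def probe_context(version, cafile=None):
    """Client context pinned to one TLS version; chain and host name checks stay on."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = VERSIONS[version]
    ctx.maximum_version = VERSIONS[version]
    return ctx

def offers(host, port, version, cafile=None, timeout=5.0):
    """True: handshake completed at `version`. False: handshake refused. None: no TCP connection."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with raw:
        try:
            with probe_context(version, cafile).wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() == version
        except ssl.SSLCertVerificationError:
            raise  # trust or host name problem on the probe side, not a version answer
        except OSError:
            return False  # alert, reset or timeout during the handshake

def mismatches(observed, configured_minimum):
    """Versions whose observed result differs from what Minimum TLS Version implies."""
    expected = {"TLSv1.2": configured_minimum == "TLSv1.2", "TLSv1.3": True}
    return [v for v in expected if observed.get(v) is not expected[v]]

if __name__ == "__main__":
    # Usage (all arguments are site-specific): probe.py HOST PORT TLSv1.3 [CA_FILE]
    host, port, minimum = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    cafile = sys.argv[4] if len(sys.argv) > 4 else None
    observed = {v: offers(host, port, v, cafile) for v in VERSIONS}
    bad = mismatches(observed, minimum)
    print(observed, "OK" if not bad else f"unexpected result for {bad}")
    sys.exit(1 if bad else 0)
```

With the default minimum of TLSv1.3, the TLSv1.2 probe must be refused; a completed TLSv1.2 handshake means the setting has not taken effect on that listener.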