Table of Contents

Search

  1. Preface
  2. Command Line Programs and Utilities
  3. Installing and Configuring Command Line Utilities
  4. Using the Command Line Programs
  5. Environment Variables for Command Line Programs
  6. Using infacmd
  7. infacmd as Command Reference
  8. infacmd aud Command Reference
  9. infacmd autotune Command Reference
  10. Infacmd bg Command Reference
  11. infacmd ccps Command Reference
  12. infacmd cluster Command Reference
  13. infacmd cms Command Reference
  14. infacmd dis Command Reference
  15. infacmd idp Command Reference
  16. infacmd edp Command Reference
  17. Infacmd es Command Reference
  18. infacmd ihs Command Reference
  19. infacmd ipc Command Reference
  20. infacmd isp Command Reference
  21. infacmd ldm Command Reference
  22. infacmd mas Command Reference
  23. infacmd mi Command Reference
  24. infacmd mrs Command Reference
  25. infacmd ms Command Reference
  26. infacmd oie Command Reference
  27. infacmd ps Command Reference
  28. infacmd pwx Command Reference
  29. infacmd roh Command Reference
  30. infacmd rms Command Reference
  31. infacmd rtm Command Reference
  32. infacmd sch Command Reference
  33. infacmd search Command Reference
  34. infacmd sql Command Reference
  35. infacmd tdm Command Reference
  36. infacmd tools Command Reference
  37. infacmd wfs Command Reference
  38. infacmd ws Command Reference
  39. infacmd xrf Command Reference
  40. infacmd Control Files
  41. infasetup Command Reference
  42. pmcmd Command Reference
  43. pmrep Command Reference
  44. Working with pmrep Files

UpdateDomainCiphers

UpdateDomainCiphers

Update the Informatica domain to use a new effective list. Modify the whitelist to add cipher suites to the effective list. Modify the blacklist to remove cipher suites from the effective list.
Before you run the command verify that the following requirements are met:
  • The domain uses secure communication within the domain or secure connections to web clients.
  • The domain is shutdown.
  • You are able to run the command on a gateway node in the domain.
The effective list of cipher suites contains the cipher suites that the Informatica domain supports. When you run the UpdateDomainCiphers command, the Informatica domain creates the effective list of cipher suites based on the following lists:
Blacklist
List of cipher suites that you want the Informatica domain to block. When you add a cipher suite to the blacklist, the Informatica domain removes the cipher suite from the effective list. You can add cipher suites that are on the default list to the blacklist.
Default list
List of cipher suites that the Informatica domain supports by default.
Whitelist
List of cipher suites that you want the Informatica domain to support in addition to the default list. When you add a cipher suite to the whitelist, the Informatica domain adds the cipher suite to the effective list. You do not need to add cipher suites that are on the default list to the whitelist.
Consider the following guidelines when you run the UpdateDomainCiphers command:
  • When you run the command, you create a new effective that overrides the previous effective list.
  • When you run the command and specify a whitelist or blacklist, the new whitelist or blacklist overwrites the previous list.
  • The effective list includes the cipher suites in the default list and whitelist and excludes the cipher suites in the blacklist.
  • When you run the command and do not specify a white or blacklist, the command creates an effective list that uses the cipher suites in the default list.
  • The effective list must contain at least one cipher suite that TLS v1.1 or 1.2 supports.
  • The effective list must be a valid cipher suite for Windows, the Java Runtime Environment, and OpenSSL.
For more information about how to create whitelists and blacklists to update the effective list that the Informatica domain uses, see the
Informatica Security Guide
.
The UpdateDomainCiphers command uses the following syntax:
[<-preview|-p> true|false] [<-cipherWhiteList|-cwl> ciphersuite1,ciphersuite2,...] [<-cipherWhiteListFile|-cwlf> whitelist_file_name] [<-cipherBlackList|-cbl> ciphersuite1,ciphersuite2,...] [<-cipherBlackListFile|-cblf> blacklist_file_name]
The following table describes infasetup UpdateDomainCiphers options and arguments:
Option
Argument
Description
-preview
-p
true
false
Optional. If true, the command displays the effective list of cipher suites that the domain will use.
If false, the command updates the cipher suites for the Informatica domain to use the effective list of cipher suites. The default is false.
-cipherWhiteList
-cwl
CipherSuiteName01,CiphersuiteName02, ...
Optional. Comma-separated list of cipher suites that you want to add to the effective list. Use the full IANA TLS Cipher Suite Registry name or a regular Java expression.
This list overwrites the previous whitelist.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-cipherWhiteListFile
-cwlf
whitelist_file_location
Optional. Absolute file path and filename of a plain-text file that contains a comma-separated list of cipher suites that you want to add to the effective list.
This list overwrites the previous whitelist.
Use the full IANA TLS Cipher Suite Registry name or a regular Java expression.
The list must contain at least one valid JRE or OpenSSL cipher suite.
-cipherBlackList
-cbl
CipherSuiteName01,CiphersuiteName02, ...
Optional. Comma-separated list of cipher suites that you want to remove from the effective list. Use the full IANA TLS Cipher Suite Registry name or a regular Java expression.
This list overwrites the previous blacklist.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.
-cipherBlackListFile
-cblf
blacklist_file_location
Optional. Absolute file path and filename of a plain-text file that contains a comma-separated list of cipher suites that you want to remove from the effective list. Use the full IANA TLS Cipher Suite Registry name or a regular Java expression.
This list overwrites the previous.
The effective list must contain at least one valid JRE or OpenSSL cipher suite.


Updated August 15, 2019