I need to enable SSL/TLS 1.2 in Netiq Identity Manager.
At which point? (Of course the answer is 'all points').
RL -> Engine communication defaults to 1.2 based on the JVM version in use. So later IDM 4.7 releases do that out of the box, assuming you enabled SSL for the connections.
LDAP over SSL - in iManager, look at either the LDAP Server or LDAP Group (I always forget how the functionality is split) and there is a setting on each server for the Ciphers, and SSL/TLS levels. You can untick all, leaving only 1.2 available.
Front end web apps: This is handled in the Tomcat config, which offhand I forget how to do, but I think it defaults to 1.2. It is in the <Connector> string and you specify the strength and ciphers there. (Tomcat install dir, conf/server.xml holds this setting).
What did I miss?
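As an added illustration of the Tomcat point above (this is example configuration, not a snippet from this thread or from the IDM product docs), here is what a TLS 1.2-only HTTPS connector looks like in Tomcat 8.5/9 style in conf/server.xml. The port, keystore path, password and cipher list are placeholders you would adapt to your own connector; which attribute style applies depends on the Tomcat version bundled with your IDM release.

```xml
<!-- Added example (not from this thread): a Tomcat 8.5/9 HTTPS connector in
     conf/server.xml restricted to TLS 1.2. Port, keystore path, password and
     cipher list are placeholders; check your own connector's attributes. -->

<!-- Weak: older attribute style that still allows TLS 1.0/1.1 to be negotiated -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           keystoreFile="conf/idm.keystore" keystorePass="CHANGEME" />
-->

<!-- Hardened: only TLS 1.2, with an explicit forward-secret cipher list and
     server-side cipher ordering -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true" maxThreads="150">
    <SSLHostConfig protocols="TLSv1.2"
                   ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
                   honorCipherOrder="true">
        <!-- use type="EC" here if the keystore holds an EC certificate -->
        <Certificate certificateKeystoreFile="conf/idm.keystore"
                     certificateKeystorePassword="CHANGEME"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

After restarting Tomcat, confirm the result from the outside rather than trusting the config: re-run the same vulnerability scan, or point a TLS checker at the port and verify that TLS 1.0 and 1.1 handshakes are refused while TLS 1.2 succeeds.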
What about iMonitor on port 8030? We are getting vulnerability scans showing that port 8030, which is iMonitor, is not using TLS 1.2; I think it is showing SSLv3 or TLS 1.0.
I followed all steps to do LDAP via TLS 1.2 but it is still showing up on the scans.
For LDAP check this TID: https://support.microfocus.com/kb/doc.php?id=7017644
For iMonitor check this thread: Force iMonitor to use TLS 1.2
An important thing that might have been overlooked is that you might need to use an EC certificate.