You can enable post-quantum cryptography (PQC) for encrypted network tunnels, providing resistance against attacks from quantum computers.
Note
-
Post-quantum cryptography is supported for CommCell environments using CPR 2024E (11.36) or later.
-
For CPR 2024E (11.36), post-quantum cryptography is supported only for all-in-one setups (that is, the CommServe server, the Web Server, and the Command Center must all reside on the same computer).
Before You Begin
On Windows computers only, do the following:
-
Set the registries MaxRequestBytes and MaxFieldLength (DWORDS) at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters to a value of 30720 (30 KB).
-
Reboot the computer.
Procedure
-
On all computers in which PQC needs to be enabled, set the following registries under Session:
Note
You can either set the keys at the individual server level, or create a server group and then set the keys at the server group level.
-
Keyname = sPostQuantumCerts Value = dilithium3
-
Keyname = sPostQuantumKEM Value = kyber1024
-
-
Restart services on the CommServe computer. This will auto-renew the certificate authority (CA) and generate a new CommServe server client certificate.
-
Restart client services, and then verify certificates are generated on the computer signed by the new CA.