IBM Support

Enabling FIPS mode and generating an SSL certificate on TPMfOSd

Technote (FAQ)


How can I create a key database (keyring) in FIPS mode with a stash file?


This has been identified as a product defect under APAR IV29727


To create a key database (keyring) in FIPS mode with a stash file, IBM Java 6.0 must be installed. Then follow these steps:

- edit the file in the %JAVA_HOME%/jre/lib/security directory and ensure that the appropriate Java security providers are listed, based on operating system and whether or not Federal Information Processing Standards (FIPS) is enabled.

This means that you have to add the following lines in “List of providers and their preference orders (see above):”

- Open a command prompt, change to the %JAVA_HOME%/jre/bin directory and, from there, run the command:

CMS now appears in the list of key database types; select CMS.

A password prompt will appear:

Enter the password and check the “Stash password to file” option.

Now select Personal Certificates and press the New Self-Signed button on the right:

Here, select the algorithm you want for your certificate.
As a double check that you are running in FIPS mode, verify that MD5 is not present in the drop-down list.
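The first step depends on the provider list in the security directory being numbered and ordered correctly. The script below is an added example, not part of the technote or of any IBM tooling: it lints a `security.provider.N` list for numbering gaps and ordering mistakes. The sample list is constructed for illustration and is not the set of lines the technote asks you to add; the function names and the `required` and `must_precede` parameters are hypothetical, and the stop-at-first-gap rule is assumed to match standard JDK provider loading.

```python
import re

# Constructed sample of a provider list (illustrative class names only).
SAMPLE = """\
# List of providers and their preference orders (see above):
security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.2=com.ibm.jsse2.IBMJSSEProvider2
security.provider.3=com.ibm.crypto.provider.IBMJCE
#security.provider.4=com.ibm.security.jgss.IBMJGSSProvider
security.provider.5=com.ibm.security.cmskeystore.CMSProvider
"""

ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S+)")


def parse_providers(text):
    """Return {preference number: class name} for uncommented entries."""
    found = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            found[int(m.group(1))] = m.group(2)  # a repeated number overrides
    return found


def lint_providers(text, required=(), must_precede=()):
    """Return (providers in load order, list of problems found)."""
    providers = parse_providers(text)
    # Assumption: entries are read as 1, 2, 3, ... and reading stops at the
    # first missing number, so anything after a gap is silently ignored.
    loaded, n = [], 1
    while n in providers:
        loaded.append(providers[n])
        n += 1
    problems = [
        f"security.provider.{k}={providers[k]} follows a gap at {n}; not loaded"
        for k in sorted(providers) if k > n
    ]
    for cls in required:
        if cls not in loaded:
            problems.append(f"required provider {cls} is not loaded")
    for first, second in must_precede:
        if first in loaded and second in loaded:
            if loaded.index(first) > loaded.index(second):
                problems.append(f"{first} must be listed before {second}")
    return loaded, problems


if __name__ == "__main__":
    cms = "com.ibm.security.cmskeystore.CMSProvider"
    for problem in lint_providers(SAMPLE, required=[cms])[1]:
        print("WARN:", problem)
```

Run it against the contents of the edited file, passing the provider classes your platform's documentation requires as `required`.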

Document information

More support for: Tivoli Provisioning Manager for OS Deployment

Software version: 7.1.1

Operating system(s): Linux, Solaris, Windows

Reference #: 1617196

Modified date: 09 October 2013