Enabling FIPS mode when generating an SSL certificate on TPMfOSd

Technote (FAQ)


Question

How can I create a key database (keyring) in FIPS mode with a stash file?

Cause

This has been identified as a product defect under APAR IV29727.

Answer

To create a key database (keyring) in FIPS mode with a stash file, IBM Java 6.0 must be installed. Then follow these steps:

- Edit the java.security file in the %JAVA_HOME%/jre/lib/security directory and ensure that the appropriate Java security providers are listed, based on operating system and whether or not Federal Information Processing Standards (FIPS) is enabled.

This means that you have to add the following lines in “List of providers and their preference orders (see above):”

security.provider.10=com.ibm.security.cmskeystore.CMSProvider
security.provider.11=com.ibm.crypto.fips.provider.IBMJCEFIPS



- Open a command prompt, change to the %JAVA_HOME%/jre/bin directory, and from there run the command:
ikeyman.exe -DDEFAULT_FIPS_MODE_PROCESSING=true

CMS now appears in the list of key database types; select CMS.



A password prompt will appear:




Enter the password and check “Stash password to file”.

Now select Personal Certificates and press the New Self-Signed button on the right:



Here, select the algorithm you want for your certificate.
As a double check that you are running in FIPS mode, verify that MD5 is not present in the drop-down list.
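
A check for the java.security edit in the first step, added here as an example and not IBM's code: it assumes the JRE reads security.provider.N entries in order from 1 and stops at the first missing number (standard JCA behaviour), so lines 10 and 11 are ignored if an earlier index is absent. The function name and the placeholder provider classes in the sample are constructed for illustration.

```python
import re

# The two provider classes the technote says to add.
REQUIRED = (
    "com.ibm.security.cmskeystore.CMSProvider",
    "com.ibm.crypto.fips.provider.IBMJCEFIPS",
)
# Matches active entries only; commented-out lines start with '#'.
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")

def audit_providers(text):
    """Return (loaded, problems) for the contents of a java.security file."""
    entries, problems = {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        idx, cls = int(m.group(1)), m.group(2)
        if idx in entries:
            problems.append(f"duplicate index {idx}: {cls} replaces {entries[idx]}")
        entries[idx] = cls
    # Assumption: providers are read as 1, 2, 3... until a number is missing.
    loaded, n = [], 1
    while n in entries:
        loaded.append(entries[n])
        n += 1
    for idx in sorted(i for i in entries if i >= n):
        problems.append(f"security.provider.{idx} follows a gap at {n} and is not loaded")
    for cls in REQUIRED:
        if cls not in loaded:
            problems.append(f"required provider not loaded: {cls}")
    return loaded, problems

# Constructed sample input: placeholder providers 1-8, then the technote's two lines.
BASE = "\n".join(f"security.provider.{i}=example.Placeholder{i}" for i in range(1, 9))
TECHNOTE = ("security.provider.10=com.ibm.security.cmskeystore.CMSProvider\n"
            "security.provider.11=com.ibm.crypto.fips.provider.IBMJCEFIPS\n")
SAMPLE_GAP = BASE + "\n" + TECHNOTE  # index 9 missing
SAMPLE_OK = BASE + "\nsecurity.provider.9=example.Placeholder9\n" + TECHNOTE

if __name__ == "__main__":
    for name, text in (("gap", SAMPLE_GAP), ("ok", SAMPLE_OK)):
        loaded, problems = audit_providers(text)
        print(f"{name}: {len(loaded)} providers loaded")
        for p in problems:
            print("  !", p)
```

To audit a real installation, pass the contents of the java.security file from the security directory named in the first step to audit_providers.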



Document information


More support for:

Tivoli Provisioning Manager for OS Deployment

Software version:

7.1.1

Operating system(s):

Linux, Solaris, Windows

Reference #:

1617196

Modified date:

2013-10-09
