[.NET programming language only] [Version 8.6.0.5 and later]

Configuring the web console to use FIPS 140-2

Federal Information Processing Standards (FIPS) are guidelines that set best practices for software and hardware computer security products. Products that support FIPS standards can be set into a mode where the product uses only FIPS-approved algorithms and methods. Security toolkits typically support both FIPS-approved and non-FIPS-approved functions. In FIPS mode, the product is incapable of using any non-FIPS-approved methods.

Before you begin

About this task

You can edit the HTTPS configuration to enable FIPS security. When you configure the web console to use FIPS 140-2, the browser can use only a TLS protocol to communicate with the server. Communication with a catalog service domain fails if that domain is configured only for SSL, because the FIPS standard requires that the secure connection to the catalog service domain use the TLS protocol.

Procedure

  1. Edit the web console configuration.
    Click Settings > Configuration > System.
  2. Select the Enable FIPS 140-2 cryptography check box.
  3. Restart the server to enable FIPS-compliant security algorithms.
    Important: After the web console is restarted, you might not be able to connect. There are several possible reasons. For example, your browser might not support SP800-131a, or you might have specified TLSv1.2. Remember, you can use FIPS data encryption with the TLSv1 protocol only. To reset the HTTPS settings that are configured for the web console, shut down the console and then rename the wxs_install_root/ObjectGrid/console/config/https-config.config file. After the file is renamed, you can start the console again. All previously modified HTTPS settings are cleared and reset to defaults.
    Restriction: You can use FIPS data encryption with the TLSv1 protocol only.
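
The reset described in the Important note under step 3 can be scripted so that the old settings are kept for review instead of being lost. The following is an added example, not part of the product documentation; the function name, the WXS_INSTALL_ROOT variable (standing in for wxs_install_root) and the backup naming scheme are assumptions.

```shell
#!/bin/sh
# Added example (not product code): reset the web console HTTPS settings
# by renaming https-config.config, keeping the old file as a backup.
# Shut down the web console before running this; the script does not do it.

# reset_https_config <wxs_install_root>
# Prints the backup path on success.
# Returns 1 if no config file exists, 2 if the rename fails.
reset_https_config() {
    root=$1
    cfg="$root/ObjectGrid/console/config/https-config.config"

    if [ ! -f "$cfg" ]; then
        echo "no HTTPS config at $cfg; nothing to reset" >&2
        return 1
    fi

    # Timestamped name so earlier backups are never overwritten.
    stamp=$(date +%Y%m%d-%H%M%S)
    backup="$cfg.$stamp.bak"
    n=0
    while [ -e "$backup" ]; do
        n=$((n + 1))
        backup="$cfg.$stamp.$n.bak"
    done

    mv -- "$cfg" "$backup" || return 2
    printf '%s\n' "$backup"
}

# Runs only when WXS_INSTALL_ROOT (an assumed variable) is set.
if [ -n "${WXS_INSTALL_ROOT:-}" ]; then
    reset_https_config "$WXS_INSTALL_ROOT"
fi
```

After the console is started again, the HTTPS settings are back at their defaults, so compare the backup file against the new configuration before you enable FIPS 140-2 again.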