×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

 

This documentation supports the 9.0 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience. You will not be able to leave comments.

Click here to view the documentation for a supported version of Remedy Single Sign-On.
BMC Atrium Single Sign-On 9.0 ... Installing Prerequisites to install BMC Atrium Single Sign-On on an external Tomcat server

Configuring an external Tomcat instance for FIPS-140

The Federal Information Processing Standard (FIPS-140) are standards for use in computer systems by all non-military government agencies and government contractors. For example, data encoding and encryption standards. For information about FIPS-140, see Configuring FIPS-140 mode.

To configure an external Tomcat instance for FIPS-140

If you plan to enable FIPS-140 and are installing to an external Tomcat server, perform these steps:

  1. Configure the Tomcat server for auto-deployment of .war files.
  2. Use the same keystore for both non-FIPS and FIPS versions of your server.xml file.
  3. Perform the following modifications to the server.xmlfile for non-FIPS and FIPS versions:
    1. Duplicate the original file to create a FIPS version (named server.xml.fips) and non-FIPS version (named server.xml.nofips).

    2. In the new FIPS version of the file, use the following ciphers attributes to force a higher level of encryption (or use your own values):

      ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128 CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_ DES_EDE_CBC_SHA"
    3. Add the XML comment to tag the file as FIPS-140: <!-- FIPS140 -->
  4. Perform the following modifications to the java.securityfile for non-FIPS and FIPS versions:
    1. Duplicate the original file, creating java.security.nofips and java.security.fips versions.

    2. In java.security.fips, make sure that the provider is the first one in the security providers list, with the remaining providers renumbered.

      For example, the following list places the JsafeJCE provider at the top of the list with a key suffix of 1, while the providers after JsafeJCE are renumbered to follow the first. The com.rsa.cryptoj.jce.kat.strategy and com.rsa.cryptoj.jce.fips140initialmode properties are placed after the security providers list.

      For those properties, use the exact values shown in the following example:

      security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign

security.provider.10=sun.security.mscapi.SunMSCAPI
com.rsa.cryptoj.jce.kat.strategy=on.load
com.rsa.cryptoj.jce.fips140initialmode=FIPS140_SSL_MODE

Where to go from here

  • To set up an HTTPS connection, Setting an HTTPS connection Open link .
Was this page helpful? Yes No Submitting... Thank you
Last modified by Kamalakannan Srinivasan on May 22, 2015

Comments

Log in or register to comment.

JVM parameter additions for external Tomcat installations
Setting an HTTPS connection
© Copyright 2024 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.