Skip to Content

Enabling FIPS 140-2 after installation

FIPS 140-2 is disabled by default for TSO 22.2.01.

Related topic

Configuring-after-installation

To enable FIPS 140-2

  1. You must shut down the services for all peers (Repo, CDP, HACDP, AP, LAP, and OCP), Dashboard, and Development Studio in your environment. For more information, see Starting-and-stopping-product-components-and-services.
  2. Navigate to the java.security file which is located in the following default location:
    <installation directory>/BAO/<AO Home>/jvm/conf/security/java.security
  3. Add security.provider.3=com.rsa.jsafe.provider.JsafeJCE to the existing list of security providers in the java.security file. We recommend inserting this in the third row to avoid compromising server performance. The list of providers will be as follows:
    image-2024-10-3_16-28-4.png

  4. Add the following command at the end of the java.security file:

    com.rsa.cryptoj.fips140initialmode=FIPS140_MODE
  5. Start the services for all peers (Repo, CDP, HACDP, AP, LAP, and OCP), Dashboard, and Development Studio in your environment.
    For more information, see Starting-and-stopping-product-components-and-services.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

TrueSight Orchestration Platform 24.3