
Commit

clarify instructions and fix link
dmuelle committed Oct 14, 2024
1 parent ce955ac commit 683bb2b
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion modules/ROOT/pages/enable-fips.adoc
Expand Up @@ -24,7 +24,16 @@ In FIPS mode, Semeru Runtimes does not support file-based keystores like JKS and
Complete the following steps to configure your Open Liberty server to run on Semeru Runtimes in FIPS mode and to add your keys and certificates to the NSS database.

1. Confirm that your RHEL operating system is installed in FIPS mode. +
If your RHEL operating system was not installed in FIPS mode, you must switch it to FIPS mode. For more information about how to enable or check the FIPS status for your RHEL operating system, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening?_ga=2.199036333.328645028.1662471426-119974336.1661806438#switching-the-system-to-fips-mode_using-the-system-wide-cryptographic-policies[Switching the system to FIPS mode] in the RHEL documentation.
+
Run the following command:
+
----
fips-mode-setup --check
----
+
If FIPS mode is enabled, the command output is `FIPS mode is enabled.`
+
If your RHEL operating system was not installed in FIPS mode, you must switch it to FIPS mode. For more information about how to enable or check the FIPS status for your RHEL operating system, see https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/security_hardening/switching-rhel-to-fips-mode_security-hardening#federal-information-processing-standards-140-and-fips-mode_switching-rhel-to-fips-mode[Switching RHEL to FIPS mode] in the RHEL documentation.

2. Specify system properties to enable FIPS mode for the JVM and, optionally, to enable debug tracing. +
The `-Dsemeru.fips=true` property specifies that the JVM uses only FIPS certified cryptography, and ensures that the TLS and SSL protocols use only FIPS certified algorithms. The optional `-Djava.security.debug=semerufips` property enables debug tracing. Add these properties to the `jvm.options` file in your Open Liberty server configuration directory, one property per line, as shown in the following example. +
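Review bot: Step 1 now gives only the success output (`FIPS mode is enabled.`) for `fips-mode-setup --check`, so a reader who sees anything else has no stated criterion for what to do next. Suggest tying the following sentence to the check, for example "If the output does not report that FIPS mode is enabled, you must switch the system to FIPS mode", which also resolves the mismatch between "enabled" in the new text and "was not installed in FIPS mode" in the retained sentence. On the replacement link: the fragment targets the `federal-information-processing-standards-140-and-fips-mode` subsection rather than a switching procedure, while the link text reads "Switching RHEL to FIPS mode"; consider dropping the fragment so the link lands on the chapter itself. The URL is also pinned to the RHEL 8 documentation, so it is worth stating in the step which RHEL release these instructions apply to.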
