Enabling FIPS 140-2 on WebSphere Liberty Profile
Use this procedure to enable FIPS 140-2 on WebSphere Liberty Profile.
Before you begin
Procedure
To enable FIPS 140-2:
- Locate the installation directory of Liberty at <install-dir>\AppScan Enterprise\Liberty\usr\servers\ase.
- Add the -Dorg.bouncycastle.fips.approved_only=true property to the jvm.options file to enable the BouncyCastle provider to run in FIPS 140-2 mode.
- Go to the <install-dir>\AppScan Enterprise\Liberty\jre\conf\security directory.
- In a text editor, edit the java.security master security properties file to register additional cryptographic package providers.
- Locate the list of cryptographic providers after the line:
# List of providers and their preference orders
Replace the current list of providers with the updated one below:
Current list:
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunMSCAPI
security.provider.13=SunPKCS11
Replace with this updated list:
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
security.provider.2=SUN
security.provider.3=SunRsaSign
security.provider.4=SunEC
security.provider.5=SunJSSE
security.provider.6=SunJCE
security.provider.7=SunJGSS
security.provider.8=SunSASL
security.provider.9=XMLDSig
security.provider.10=SunPCSC
security.provider.11=JdkLDAP
security.provider.12=JdkSASL
security.provider.13=SunMSCAPI
security.provider.14=SunPKCS11
- Save and close the file, and then rerun the configuration wizard.
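Renumbering the provider list by hand is error-prone, so the following check (an added example, not part of the original procedure or of the product) validates the edited java.security text and the jvm.options flag before the wizard is rerun. The function names are hypothetical and the sample inputs are constructed from the lists above.

```python
import re
import sys

BCFIPS = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider"
FIPS_FLAG = "-Dorg.bouncycastle.fips.approved_only=true"
# Commented-out entries start with '#' and therefore never match.
PROVIDER_RE = re.compile(r"^\s*security\.provider\.(\d+)\s*=\s*(\S.*?)\s*$")

def check_java_security(text):
    """Return a list of problems found in the provider list of java.security."""
    problems, providers = [], {}
    for line in text.splitlines():
        m = PROVIDER_RE.match(line)
        if not m:
            continue
        index, name = int(m.group(1)), m.group(2)
        if index in providers:
            problems.append(f"security.provider.{index} is defined twice")
        providers[index] = name  # as in a properties file, the last entry wins
    if providers.get(1) != BCFIPS:
        problems.append("security.provider.1 is not BouncyCastleFipsProvider")
    # The JVM reads security.provider.1, .2, ... and stops at the first
    # missing number, so every entry after a gap is silently ignored.
    for index in sorted(providers):
        if index > 1 and index - 1 not in providers:
            problems.append(f"gap before security.provider.{index}")
    return problems

def check_jvm_options(text):
    """True if the approved-only flag is present on an uncommented line."""
    return any(line.strip() == FIPS_FLAG for line in text.splitlines())

# Constructed sample: the updated list from the procedure above.
NAMES = [BCFIPS, "SUN", "SunRsaSign", "SunEC", "SunJSSE", "SunJCE", "SunJGSS",
         "SunSASL", "XMLDSig", "SunPCSC", "JdkLDAP", "JdkSASL", "SunMSCAPI",
         "SunPKCS11"]
GOOD = "\n".join(f"security.provider.{i}={n}" for i, n in enumerate(NAMES, 1))
# Constructed mistake: new provider added, old entries not renumbered.
BAD = f"security.provider.1={BCFIPS}\n" + "\n".join(
    f"security.provider.{i}={n}" for i, n in enumerate(NAMES[1:], 1))

if __name__ == "__main__":
    # Arguments: <java.security path> <jvm.options path>; none = use samples.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as sec, open(sys.argv[2]) as opts:
            print(check_java_security(sec.read()) or "provider list OK")
            print("approved_only flag set:", check_jvm_options(opts.read()))
    else:
        print("good sample:", check_java_security(GOOD) or "OK")
        print("bad sample:", check_java_security(BAD))
```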