Enabling FIPS compliance on a server installation with a stand-alone WebSphere Application Server

About this task

The IBM® BigFix® Remote Control Server uses the middleware infrastructure that is provided by WebSphere® secure HTTP communications. Therefore, to enable FIPS for a manual IBM BigFix Remote Control Server installation requires that you configure WebSphere for FIPS-compliant mode. You must also configure the IBM BigFix Remote Control Server through a setting in the common.properties configuration file.

To enable FIPS compliance for a manual installation, complete the following steps:

Procedure

  1. Configure WebSphere
    The WebSphere documentation describes how to enable FIPS mode in WebSphere.
    Note: Running in FIPS mode in IBM WebSphere with the IBM JRE and the IBM JSSE provider currently does not work when you use an MS SQL database. These options work with MS SQL when FIPS is not enabled in IBM WebSphere.
  2. Log on to the IBM BigFix Remote Control Server with a valid admin ID and password.
  3. Click Admin > Edit properties files
  4. In the common.properties file set FIPS.compliance to true.
  5. Click Submit.
  6. Click Admin > Reset Application.

Results

Note: The FIPS enablement changes in WebSphere affect all other applications that are running on the server. Therefore, browser settings for the users who access the other applications must be changed to support Transport Layer Security (TLS), if required by their browser version.

For example, to enable TLS in Internet Explorer complete the following steps:

  • Click Tools > Internet Options.
  • On the Advanced tab, select Use TLS 1.0.
  • Click Apply
  • Click OK.