Enable FIPS mode for Linux

User Replication Agent Installation and Setup Guide

Platform: Perceptive Content
Product: User Replication Agent Installation and Setup Guide
Release: Foundation 24.1

To enable FIPS mode for Linux, complete the following steps.

  1. To create a certificate database, enter the following command.
    modutil -create -dbdir [path to database directory]
  2. Configure the certificate database to enable FIPS mode.
    modutil -fips true -dbdir [path to database directory]
  3. Verify FIPS mode is enabled.
    modutil -chkfips true -dbdir [path to database directory]
  4. To obtain the token name of the FIPS module, list the database modules.
    modutil -list -dbdir [path to database directory]
  5. To initialize a password for the FIPS token, use the following command.
    modutil -dbdir [path to database directory] -changepw [FIPS token name]
  6. To import your LDAP server certificate into a Network Security Services (NSS) Tools certificate database, in a command window, enter the following command.
    certutil -A -n [certificate nickname] -t [trust attributes] -i [path to certificate file] -d [path to database directory]
  7. Configure the following inow.ini settings.
    • ldap.ssl.cert.path
    • ldap.ssl.cert.fips.token
    • ldap.ssl.cert.fips.password
    For more information, see inow.ini [Logon Control] settings.
  8. To enable auditing, configure the following environment variable.
    NSS_ENABLE_AUDIT=1
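
The following script is an added example, not part of the product documentation. It covers step 4 by extracting the FIPS token name from `modutil -list` output, and fails when no FIPS module is listed, which indicates that FIPS mode is not enabled for that database. The `NSS_DBDIR` variable name and both sample listings are assumptions constructed for illustration; real output can differ between NSS versions.

```shell
# Print the token name of the FIPS module from `modutil -list` output on stdin.
# Returns non-zero when no module whose name contains "FIPS" exposes a token.
fips_token_name() {
  awk '
    /^[ \t]*[0-9]+\.[ \t]/ { in_fips = ($0 ~ /FIPS/) }  # module header: "N. <name>"
    in_fips && /^[ \t]*token:/ {
      sub(/^[ \t]*token:[ \t]*/, "")   # drop the "token:" label
      sub(/[ \t]+$/, "")               # drop trailing whitespace
      print; found = 1; exit
    }
    END { exit !found }'
}

# Constructed sample modelled on `modutil -list` output for a database in FIPS mode.
sample_fips_listing() {
  cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal FIPS PKCS #11 Module
         slots: 1 slot attached
        status: loaded

         slot: NSS FIPS 140-2 User Private Key Services
        token: NSS FIPS 140-2 Certificate DB
-----------------------------------------------------------
EOF
}

# Constructed sample for a database where FIPS mode is still off.
sample_plain_listing() {
  cat <<'EOF'
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB
EOF
}

# Against a real database: export NSS_DBDIR (assumed name) before running.
if [ -n "${NSS_DBDIR:-}" ] && command -v modutil >/dev/null 2>&1; then
  token=$(modutil -list -dbdir "$NSS_DBDIR" | fips_token_name) ||
    { echo "no FIPS module token found; is FIPS mode enabled?" >&2; exit 1; }
  echo "FIPS token name for -changepw and ldap.ssl.cert.fips.token: $token"
fi
```

Without `NSS_DBDIR` set, the script only defines the functions, so `sample_fips_listing | fips_token_name` can be used to try the parser offline.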