Enable FIPS
IBM WebSphere Portal tolerates IBM WAS support of Federal Information Processing Standards (FIPS). Configure WAS to activate FIPS 140-2 compliant security modules. When you enable FIPS, we can use only FIPS to securely encrypt data. For this reason, also configure FIPS for systems that require secure transactions, which can include HTTP servers and LDAP servers.
- Install WebSphere Portal before enabling FIPS.
- If the portal environment includes an HTTP server or LDAP server or any other components that use secure connections, consult the related links section to determine the level of support for FIPS 140-2. However, the environment does not need to include an HTTP server or LDAP server. We can enable FIPS on an out-of-box WebSphere Portal installation. Likewise, you do not have to enable FIPS for systems that do not require secure transactions.
For example, if the LDAP server is accessed via the LDAP protocol, rather than the secure LDAPS protocol, you do not need to enable FIPS for that LDAP server.
The tasks involved in enabling FIPS are specific to Web servers and WAS and do not involve any configuration steps in WebSphere Portal. The WAS Information Center contains several topics with information and instructions for enabling FIPS for HTTP servers. Refer to these topics as appropriate to learn whether you should enable FIPS and, if necessary, what steps to perform.
- HTTP servers
- See Securing applications at the transport level for Web services in the WAS Information Center for instructions. Configure the HTTP server to support TLS with FIPS enabled. Refer to the appropriate documentation for instructions.
- LDAP servers
- Refer to the appropriate documentation to configure the LDAP over SSL and to enable FIPS.
Remember: Enable FIPS for your LDAP server only if it requires a secure connection. If you do not use an LDAP server or you do not connect to the LDAP server over a secure connection, you do not need to enable FIPS for an LDAP server.
Parent: Securing
Related:
Federal Information Processing StandardsWAS Network Deployment v8.0: Securing applications at the transport level for Web services