Troubleshoot certificate compliance issues

When we enable Security Verify Access applications to implement a security compliance standard, certain settings are required. The required settings apply to the standards of the following security settings:

• FIPS 140-2
• NIST Special Publications 800-131a (or SP 800-131a) Transition
• NIST SP800-131a Strict
• National Security Agency (NSA) Suite B 128 bit
• NSA Suite B 192 bit

To ensure a successful regeneration of the ISAM side of the certificates, see the Administering topics in the IBM Knowledge Center.

WebSphere Application Server, version 8.0, requires certain settings to properly enable compliance. See

http://publib.boulder.ibm.com/infocenter/ieduasst/v1r1m0/index.jsp?topic=/com.ibm.iea.was_v8/was/8.0.0.3/Security/WASV8003_SecurityCryptoSignatureAlgorithm/player.html

For support for NIST SP 800-131 and NSA Suite B, we must use IBM WebSphere Application Server, version 8.0.0.3 or later. Other troubleshooting tips:

• Check browser configuration

  Your browser might not support or not be configured to support the TLS protocol.

  TLS 1.2 is not enabled by default. Check your browser documentation for instructions on how to enable TLS version 1.2.

  For example, for Internet Explorer, version 8 on Windows 7 and Windows 2008, go to Tools > Internet Options > Advanced (Tab) > Security and select Use TLS 1.2.

• Check user registry configuration

  Change an SSL protocol to TLS, version 1.2, can affect communication between WebSphere Application Server and the user registry. If you receive an error message about failed connection, check our user registry configuration.

  The user registry must support TLS, version 1.2, if We use an SSL connection.

Parent topic: Troubleshoot