Enabling the FIPS-140 Standard for Sun Java System Web Server 7.0
To enable the FIPS-140 Standard for Web Server 7.0, you must change the certdb password and enable FIPS mode as true. (By default, Web Server 7.0 sets the password to blank for its certdb.)
To Enable the FIPS-140 Standard for Web Server 7.0
-
Set the password for the internal PKCS11 token using either the Web Server 7.0 Admin Console or CLI command.
To Set the Password Using the Web Server 7.0 Admin
Console
-
Log in to the Admin Console.
-
Go to the configuration page in the Admin console.
-
Click the Certificates > PKCS11 Tokens tab.
-
Click the PKCS11 token name (default is internal).
-
Select the Token State checkbox.
-
Enter the password information.
-
Save your changes.
To Set the Password Using Web Server 7.0 CLI
-
Execute the wadm command. For example:
wadm> set-token-pin -user=admin -password-file=admin.pwd -host=serverhost -port=8989 -config=config1 -token=internal
To Enable FIPS mode for Web Server 7.0 With modutil
-
Use modutil in the WS70_ROOT/bin directory. For example:
modutil -fips true -dbdir location-of-your-nss-database
By default, the NSS database is in the config directory for the Web Server 7.0 instance.
To Pull the Changes into the Admin Server
-
If you use certutil or modutil to modify files in the config directory, you must pull the changes into the Web Server 7.0 Admin Server. For example, using wadm:
wadm pull-config -user=admin -password-file=_admin-pwfile_ -host=_server-host_ -port=8989 -config=config1 node1
To Test the FIPS Mode Change
- © 2010, Oracle Corporation and/or its affiliates