If Web Server 7.0 has the Java Security Manager enabled, add the following additional permissions to the Web Server 7.0 server.policy file:
permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
Set the password for the internal PKCS11 token using either the Web Server 7.0 Administration Console or the wadm CLI.
For the password requirements in FIPS mode, see http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp814.pdf
For example, to set the password using the Web Server 7.0 wadm command:
wadm> set-token-pin --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --token=internal
Or, to set the password using the Web Server 7.0 Administration Console:
If you modified files in the Web Server 7.0 config directory using modutil or certutil, pull the changes into the Web Server 7.0 Admin Server. For example:
wadm pull-config --user=admin --password-file=path-to-password-file --host=server-host --port=8989 --config=config1 node1
Confirm that FIPS is enabled by restarting the Web Server 7.0 instance. You should see a new prompt for the certdb password or PIN. For example:
> Please enter the PIN for the "NSS FIPS 140-2 Certificate DB" token:
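To check the server.policy step at the top of this procedure before restarting, the following added example (not part of the product documentation) lists which of the three Mozilla-JSS permissions are missing from a policy file. The function names and the sample policy are constructed for illustration; pass the path of your own server.policy to `missing_jss_permissions`.

```shell
#!/bin/sh
# Added example, not from the product documentation.

# Print each required Mozilla-JSS permission target that is absent from the
# policy file given as $1, one per line. Prints nothing when all are present.
missing_jss_permissions() {
    policy_file=$1
    [ -r "$policy_file" ] || { echo "cannot read: $policy_file" >&2; return 2; }
    # Drop lines commented out with // so a disabled entry is not counted.
    # (/* ... */ block comments are not handled.)
    active=$(sed '/^[[:space:]]*\/\//d' "$policy_file")
    for action in insertProvider putProviderProperty removeProvider; do
        printf '%s\n' "$active" | grep -Eq \
            "permission[[:space:]]+java\.security\.SecurityPermission[[:space:]]+\"$action\.Mozilla-JSS\"[[:space:]]*;" \
            || printf '%s\n' "$action.Mozilla-JSS"
    done
    return 0
}

# Constructed sample policy: one entry present, one commented out, one absent.
write_sample_policy() {
    cat > "$1" <<'EOF'
grant {
    permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
    // permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
};
EOF
}

sample=$(mktemp)
write_sample_policy "$sample"
echo "Missing from sample policy:"
missing_jss_permissions "$sample"
rm -f "$sample"
```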