To enable the FIPS-140 standard for Web Server 7.0, you must change the certdb password and set FIPS mode to true. (By default, Web Server 7.0 sets the password to blank for its certdb.)
Set the password for the internal PKCS11 token using either the Web Server 7.0 Admin Console or CLI command.
Log in to the Admin Console.
Go to the configuration page in the Admin Console.
Click the Certificates > PKCS11 Tokens tab.
Click the PKCS11 token name (default is internal).
Select the Token State checkbox.
Enter the password information.
Save your changes.
To use the CLI instead, execute the wadm set-token-pin command. For example:
wadm> set-token-pin --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --token=internal
Enable FIPS mode using modutil in the WS70_ROOT/bin directory. For example:
modutil -fips true -dbdir location-of-your-nss-database
By default, the NSS database is in the config directory for the Web Server 7.0 instance.
If you use certutil or modutil to modify files in the config directory, you must pull the changes into the Web Server 7.0 Admin Server. For example, using wadm:
wadm pull-config --user=admin --password-file=admin-pwfile --host=server-host --port=8989 --config=config1 node1
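
To confirm that the steps above took effect, the following script (an added example, not part of the Web Server 7.0 documentation) asks modutil whether each NSS database directory is in FIPS mode. It assumes the modutil in use supports the -chkfips and -force options, as current NSS releases do; the MODUTIL variable and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit NSS database directories for FIPS mode.
# Assumption: this modutil build supports "-chkfips true" and exits
# non-zero when the database is not in FIPS mode.
MODUTIL="${MODUTIL:-modutil}"   # e.g. WS70_ROOT/bin/modutil

# check_fips DBDIR
#   returns 0 = FIPS mode on, 1 = FIPS mode off (or modutil failed),
#   2 = cannot check (directory or modutil missing)
check_fips() {
    dbdir=$1
    [ -d "$dbdir" ] || return 2
    command -v "$MODUTIL" >/dev/null 2>&1 || return 2
    # -force suppresses modutil's interactive prompt; stdin is closed too.
    if "$MODUTIL" -chkfips true -dbdir "$dbdir" -force \
            </dev/null >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# audit_fips DBDIR...
#   prints one status line per directory and returns the number of
#   directories that are not confirmed to be in FIPS mode
audit_fips() {
    failures=0
    for d in "$@"; do
        rc=0
        check_fips "$d" || rc=$?
        case $rc in
            0) echo "OK       $d" ;;
            1) echo "NOT-FIPS $d"; failures=$((failures + 1)) ;;
            *) echo "UNKNOWN  $d"; failures=$((failures + 1)) ;;
        esac
    done
    return "$failures"
}

# Run only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_fips "$@"
fi
```

Pass the config directory of each instance as an argument; a non-zero exit status is the number of directories that could not be confirmed as FIPS-enabled.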