
Oracle® VM Server for SPARC 3.6 Administration Guide


Updated: September 2019
 
 

How to Run Logical Domains Manager in FIPS 140-2 Mode

Before You Begin

Before you can run the Logical Domains Manager in FIPS 140-2 mode, ensure that you are running at least version 3.2 of the Logical Domains Manager and that the primary domain runs at least the Oracle Solaris 11.2 OS.

  1. Install and enable the FIPS 140-2 OpenSSL mediator.
    1. Install the FIPS 140-2 OpenSSL mediator if necessary.

      This package should be installed by default when you install the Oracle Solaris 11.2 OS.

      # pkg install openssl-fips-140
    2. List the current OpenSSL mediator.
      # pkg mediator openssl
      MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
      openssl  vendor            local      default
    3. List the available OpenSSL mediators.
      # pkg mediator -a openssl
      MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
      openssl  vendor            vendor     default
      openssl  system            system     fips-140

      Caution - The OpenSSL implementation to which you switch must exist in the system. If you switch to an implementation that is not in the system, the system might become unusable.


    4. Enable the FIPS 140-2 mediator.
      # pkg set-mediator -I fips-140 openssl
    5. Reboot.
      # reboot
    6. Confirm that the FIPS 140-2 mediator is set.
      # pkg mediator openssl
      MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
      openssl  system            local      fips-140
  2. Configure the ldmd daemon to use FIPS 140-2 mode.
    1. Put the ldmd daemon in FIPS 140-2 mode.
      # svccfg -s ldoms/ldmd setprop ldmd/fips1402_enabled = true
    2. Restart the ldmd daemon.
      # svcadm refresh ldmd
      # svcadm restart ldmd
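
The following script is an added example, not part of the Oracle guide. It turns the caution in step 1 into a pre-flight check (only switch if `fips-140` is listed) and verifies the end state of both steps. The function names and sample listings are constructed for illustration, and reading the property with `svcprop -p` is this example's choice rather than a step from the guide.

```shell
#!/bin/sh
# Added example (not Oracle's code). Functions read `pkg mediator` output on
# stdin so the checks can be exercised offline with the constructed samples.

# Succeeds if the listing on stdin offers implementation $1 for openssl.
has_impl() {
    awk -v want="$1" '$1 == "openssl" && $NF == want { found = 1 }
                      END { exit !found }'
}

# Prints the implementation currently selected for the openssl mediator.
active_impl() {
    awk '$1 == "openssl" { print $NF; exit }'
}

# Succeeds only if the mediator (stdin) is fips-140 AND the ldmd property
# value passed as $1 is "true": step 1 and step 2 of the procedure.
fips_mode_complete() {
    [ "$(active_impl)" = "fips-140" ] && [ "$1" = "true" ]
}

# Constructed samples, modelled on the command output shown in the procedure.
AVAILABLE='MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl  vendor            vendor     default
openssl  system            system     fips-140'
BEFORE='MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl  vendor            local      default'
AFTER='MEDIATOR VER. SRC. VERSION IMPL. SRC. IMPLEMENTATION
openssl  system            local      fips-140'

# Pre-flight: refuse to switch unless the target implementation is listed.
if printf '%s\n' "$AVAILABLE" | has_impl fips-140; then
    echo "fips-140 is listed; OK to run: pkg set-mediator -I fips-140 openssl"
else
    echo "fips-140 not listed; do not switch the mediator" >&2
fi

# On a live primary domain (as root), feed the real commands instead:
#   pkg mediator -a openssl | has_impl fips-140
#   pkg mediator openssl | fips_mode_complete \
#       "$(svcprop -p ldmd/fips1402_enabled ldoms/ldmd)"
printf '%s\n' "$AFTER" | fips_mode_complete true &&
    echo "mediator and ldmd property are both set for FIPS 140-2"
```
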