To comply with the US government SP 800-131 security standard, you can configure the WebSphere® Application Server that hosts Rational® solution for CLM applications to support the Transport Layer Security (TLS) 1.2 protocol.
Procedure
1. Log in to the WebSphere Application Server Integrated Solutions Console.
2. Click Security > SSL certificate and key management, and under Related Items, click SSL configurations.
3. Click the default SSL settings link to open it and, under Additional Properties, click Quality of protection (QoP) settings.
For the protocol, ensure that TLSv1.2 is selected. For the Cipher suite groups, ensure that Strong is selected, and then click Update selected ciphers.
4. Click OK and save directly to the master configuration.
5. Click the SSL certificate and key management link and then click Manage FIPS.
In the Manage FIPS window, click Enable SP800-131 and then select Strict.
Click OK.
Under Related Items, click Convert certificates.
Ensure that the Algorithm setting is Strict.
For the New certificate key size, select 2048 bits.
6. Click OK and save directly to the master configuration.
7. Go to WAS_Profile_Dir/properties and open the ssl.client.props file for editing.
Search for com.ibm.security.useFIPS and change the property to true.
Search for com.ibm.websphere.security.FIPSLevel. If the line does not exist, add it, and then set the property to SP800-131.
Search for com.ibm.ssl.protocol and change the property to TLSv1.2.
8. Click Server > Server Types > WebSphere application servers and then click server1 to open it.
Under Server Infrastructure, click Java and Process Management > Process definition.
Under Additional Properties, click Java Virtual Machine and then click Custom properties.
9. Add the following three custom properties:
com.ibm.team.repository.transport.client.protocol with a value of TLSv1.2
com.ibm.jsse2.sp800-131 with a value of strict
com.ibm.rational.rpe.tls12only with a value of true
10. Restart the application server.
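To confirm the step 7 edits, the following POSIX shell script reads ssl.client.props and checks the three properties against the values given in that step. It is an added example, not part of the original page or of IBM's tooling; the function names are hypothetical and it assumes the file uses the plain key=value form.

```shell
#!/bin/sh
# Added example (not IBM code): check the step 7 values in ssl.client.props.

# Print the effective value of key $2 in file $1. Comment lines (# or !) are
# skipped and the last assignment wins, as in java.util.Properties. Trailing
# blanks in a value are kept, because Java keeps them as part of the value.
# Only the key=value form is handled (an assumption of this example).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        (pos = index($0, "=")) {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/\r$/, "", v); sub(/^[ \t]+/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Report each required property; return non-zero if any is missing or wrong.
check_fips_props() {
    rc=0
    while read -r key want; do
        got=$(prop_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key=$got"
        else
            echo "FAIL  $key: want '$want', found '${got:-<not set>}'"
            rc=1
        fi
    done <<EOF
com.ibm.security.useFIPS true
com.ibm.websphere.security.FIPSLevel SP800-131
com.ibm.ssl.protocol TLSv1.2
EOF
    return $rc
}

# Check the file named on the command line, if one is given.
[ -z "${1:-}" ] || check_fips_props "$1"
```

Run it with the path to WAS_Profile_Dir/properties/ssl.client.props as the only argument; a FAIL line for a value that looks correct usually means a trailing blank or a later duplicate of the key in the file.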