You can configure Netcool®/Impact for compliance with the Federal
Information Processing Standard (FIPS) when you first enable SSL, or at any time after you enable
SSL. Or you can choose to enable SSL without FIPS (run with FIPS disabled).
About this task
When Setting up SSL communication, Netcool/Impact uses the
configImpactSSL script, which is also used to configure FIPS-compliant mode.
The configImpactSSL script is in $IMPACT_HOME/install/security
directory on UNIX systems. The commands that are outlined in
the following procedure use the keystorepass variable, which is the keystore
password that is set during the Netcool/Impact installation.
Note: FIPS does not work at TLSv1.3 level
Procedure
Enabling FIPS-compliant mode when enabling SSL
- To enable FIPS-compliant mode when you are enabling SSL
on Netcool/Impact,
in your command window, enter the following command.
On UNIX systems, enter configImpactSSL.sh enable
<keystorepass> -fips
Note: In a clustered environment restart the primary server first, followed by the secondary
server.
Enabling FIPS-compliant mode after having enabled SSL without FIPS
- To enable FIPS-compliant mode after previously enabling SSL without FIPS, enter the
following commands in your command window.
- Run the disable SSL command:
- On UNIX systems, enter
configImpactSSL.sh disable
<keystorepass>
- Then enable SSL with FIPS using the following command:
- On UNIX systems, enter
configImpactSSL.sh enable
<keystorepass> -fips
- Restart the server after you run the script.
Note: In a clustered environment restart the primary server first, followed by the secondary
server.
Going from SSL with FIPS to SSL without FIPS
- To go from SSL with FIPS to SSL without FIPS, run the following commands:
configImpactSSL.sh disable <keystorepass>
configImpactSSL.sh enable <keystorepass>
Note: In a clustered environment restart the primary server first, followed by the secondary
server.
Enabling SSL without FIPS (disabling FIPS)
- To enable SSL without FIPS on Netcool/Impact, in your command window, enter
the following command.
On UNIX systems, enter configImpactSSL.sh enable
<keystorepass>
Note: In a clustered environment restart the primary server first, followed by the secondary
server.