Enabling and disabling FIPS

You can configure Netcool®/Impact for compliance with the Federal Information Processing Standard (FIPS) when you first enable SSL, or at any time after you enable SSL. You can also choose to enable SSL without FIPS (run with FIPS disabled).

About this task

When setting up SSL communication, Netcool/Impact uses the configImpactSSL script, which is also used to configure FIPS-compliant mode.

The configImpactSSL script is in the $IMPACT_HOME/install/security directory on UNIX systems. The commands that are outlined in the following procedure use the keystorepass variable, which is the keystore password that is set during the Netcool/Impact installation.

Note: FIPS does not work at the TLSv1.3 level.

Procedure

Enabling FIPS-compliant mode when enabling SSL

  • To enable FIPS-compliant mode when you are enabling SSL on Netcool/Impact, in your command window, enter the following command.

    On UNIX systems, enter configImpactSSL.sh enable <keystorepass> -fips

    Note: In a clustered environment, restart the primary server first, followed by the secondary server.

Enabling FIPS-compliant mode after having enabled SSL without FIPS

  • To enable FIPS-compliant mode after previously enabling SSL without FIPS, enter the following commands in your command window.
    1. Run the disable SSL command:
      • On UNIX systems, enter configImpactSSL.sh disable <keystorepass>
    2. Then enable SSL with FIPS using the following command:
      • On UNIX systems, enter configImpactSSL.sh enable <keystorepass> -fips
    3. Restart the server after you run the script.
      Note: In a clustered environment, restart the primary server first, followed by the secondary server.

Going from SSL with FIPS to SSL without FIPS

  • To go from SSL with FIPS to SSL without FIPS, run the following commands:
    configImpactSSL.sh disable <keystorepass>
    configImpactSSL.sh enable <keystorepass>
    Note: In a clustered environment, restart the primary server first, followed by the secondary server.

Enabling SSL without FIPS (disabling FIPS)

  • To enable SSL without FIPS on Netcool/Impact, in your command window, enter the following command.

    On UNIX systems, enter configImpactSSL.sh enable <keystorepass>

    Note: In a clustered environment, restart the primary server first, followed by the secondary server.
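
The transitions in this procedure can be driven by one wrapper that prompts for the keystore password instead of typing it into shell history, and that stops if the disable step fails so the enable step is never run against a half-changed configuration. This is an added example, not part of the product or its documentation: the switch_impact_ssl function and the CONFIG_SSL and KEYSTOREPASS variables are hypothetical names, and it assumes configImpactSSL.sh returns a non-zero exit status on failure.

```bash
#!/usr/bin/env bash
# Added example (not IBM code). Assumption: configImpactSSL.sh exits non-zero on failure.
# CONFIG_SSL and KEYSTOREPASS are hypothetical variable names used only by this wrapper.
CONFIG_SSL="${CONFIG_SSL:-${IMPACT_HOME:-}/install/security/configImpactSSL.sh}"

# usage: switch_impact_ssl <current: none|ssl|fips> <target: ssl|fips>
switch_impact_ssl() {
    local current="$1" target="$2" pass="${KEYSTOREPASS:-}"
    case "$current" in none|ssl|fips) ;; *) echo "bad current mode: $current" >&2; return 2 ;; esac
    case "$target" in ssl|fips) ;; *) echo "bad target mode: $target" >&2; return 2 ;; esac
    if [ "$current" = "$target" ]; then
        echo "already in mode $target, nothing to do"
        return 0
    fi
    # Prompt without echo so the password is not typed on a command line
    # that ends up in shell history.
    if [ -z "$pass" ]; then
        read -r -s -p "Keystore password: " pass
        echo
    fi
    # SSL is already enabled (with or without FIPS): disable it first,
    # as the procedure above does, and stop if that step fails.
    if [ "$current" != "none" ]; then
        "$CONFIG_SSL" disable "$pass" || { echo "disable failed, not re-enabling" >&2; return 1; }
    fi
    if [ "$target" = "fips" ]; then
        "$CONFIG_SSL" enable "$pass" -fips || { echo "enable -fips failed" >&2; return 1; }
    else
        "$CONFIG_SSL" enable "$pass" || { echo "enable failed" >&2; return 1; }
    fi
    echo "done: restart the server (clustered: primary first, then secondary)"
}

# Example call, SSL without FIPS -> SSL with FIPS:
#   switch_impact_ssl ssl fips
```

The password is still passed to configImpactSSL.sh as an argument, as the documented syntax requires, so it remains visible in the process list while the script runs.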