HCL Workload Automation, Version 9.4

Configuring WebSphere Application Server for HCL Workload Automation

To configure WebSphere Application Server for FIPS compliance, perform the following steps:

  1. In the WebSphere Application Server administration interface, click Security > SSL certificate and key management. Select Use the United States Federal Information Processing Standard (FIPS) algorithms and click Apply. Alternatively, run the changeSecurityProperties wastool to set the following parameter:
     useFIPS=true
  2. In the profile_root/properties/ssl.client.props file, set the following parameters:
    • com.ibm.security.useFIPS=true
    • com.ibm.ssl.protocol=SSL_TLS
  3. If you have an administrative client that uses a SOAP connector, add the following line to the profile_root/properties/soap.client.props file:
    com.ibm.ssl.contextProvider=IBMJSSEFIPS
  4. Edit the SDK java.security file located in the WASHOME/java_1.8_64/jre/lib/security directory to insert the IBMJCEFIPS provider (com.ibm.crypto.fips.provider.IBMJCEFIPS). IBMJCEFIPS must precede the IBMJCE provider in the provider list.
    The following is an example of the edited SDK java.security file:
    security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.6=com.ibm.security.cert.IBMCertPath
    security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    security.provider.8=com.ibm.security.cmskeystore.CMSProvider
    security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
    The following is an example of the edited java.security file if you are using the Oracle Java SE Development Kit:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.3=com.ibm.crypto.provider.IBMJCE
    security.provider.4=com.ibm.jsse.IBMJSSEProvider
    security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.6=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.7=com.ibm.security.cert.IBMCertPath
    security.provider.8=com.ibm.i5os.jsse.JSSEProvider
    #security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
  5. Restart the WebSphere Application Server.
Note: For additional information about WebSphere Application Server and FIPS, see the WebSphere Application Server documentation.
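
The settings from steps 2 to 4 can be verified before the restart in step 5. The following Python check is an added example, not part of the HCL or IBM tooling; the function names are hypothetical, it takes each file's contents as text, and the sample input is constructed.

```python
import re

FIPS = "com.ibm.crypto.fips.provider.IBMJCEFIPS"
JCE = "com.ibm.crypto.provider.IBMJCE"

def parse_props(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def provider_order(java_security_text):
    """Return provider class names ordered by their security.provider.N index."""
    entries = []
    for key, value in parse_props(java_security_text).items():
        m = re.fullmatch(r"security\.provider\.(\d+)", key)
        if m and value:
            entries.append((int(m.group(1)), value.split()[0]))
    return [name for _, name in sorted(entries)]

def check_fips(java_security, ssl_client, soap_client=None):
    """Return a list of findings; an empty list means steps 2-4 are in place."""
    findings = []
    order = provider_order(java_security)
    if FIPS not in order:
        findings.append("IBMJCEFIPS missing from provider list")
    elif JCE in order and order.index(FIPS) > order.index(JCE):
        findings.append("IBMJCEFIPS is listed after IBMJCE")
    ssl = parse_props(ssl_client)
    for key, want in (("com.ibm.security.useFIPS", "true"), ("com.ibm.ssl.protocol", "SSL_TLS")):
        if ssl.get(key) != want:
            findings.append(f"ssl.client.props: {key} is {ssl.get(key)!r}, expected {want!r}")
    if soap_client is not None:  # only checked when a SOAP administrative client is used
        provider = parse_props(soap_client).get("com.ibm.ssl.contextProvider")
        if provider != "IBMJSSEFIPS":
            findings.append("soap.client.props: com.ibm.ssl.contextProvider is not IBMJSSEFIPS")
    return findings

if __name__ == "__main__":
    # Constructed sample: IBMJCE precedes IBMJCEFIPS and useFIPS is not set.
    js = ("security.provider.1=com.ibm.crypto.provider.IBMJCE\n"
          "security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS\n")
    for finding in check_fips(js, "com.ibm.ssl.protocol=SSL_TLS\n"):
        print(finding)
```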