Configuring WebSphere Application Server for HCL Workload Automation
To configure WebSphere Application Server for FIPS compliance, perform the following steps:
- In the WebSphere Application Server administration interface, click Security > SSL certificate and key management. Select Use the United States Federal Information Processing Standard (FIPS) algorithms and click Apply. Alternatively, you can use wastools, running changeSecurityProperties to change the following parameter:
    useFIPS=true
- In the profile_root/properties/ssl.client.props file, set the following parameters:
  - com.ibm.security.useFIPS=true
  - com.ibm.ssl.protocol=SSL_TLS
- If you have an administrative client that uses a SOAP connector, add the following line to the profile_root/properties/soap.client.props file:
    com.ibm.ssl.contextProvider=IBMJSSEFIPS
- Edit the SDK java.security file located in the WASHOME/java_1.8_64/jre/lib/security directory to insert the IBMJCEFIPS provider (com.ibm.crypto.fips.provider.IBMJCEFIPS). IBMJCEFIPS must precede the IBMJCE provider in the provider list. The following is an example of the edited SDK java.security file:
    security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.jsse.IBMJSSEProvider
    security.provider.4=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.5=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.6=com.ibm.security.cert.IBMCertPath
    security.provider.7=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    security.provider.8=com.ibm.security.cmskeystore.CMSProvider
    security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
  The following is an example of the edited java.security file if you are using the Oracle Java SE Development Kit:
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.3=com.ibm.crypto.provider.IBMJCE
    security.provider.4=com.ibm.jsse.IBMJSSEProvider
    security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.6=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.7=com.ibm.security.cert.IBMCertPath
    security.provider.8=com.ibm.i5os.jsse.JSSEProvider
    #security.provider.8=com.ibm.crypto.pkcs11.provider.IBMPKCS11
    security.provider.9=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
- Restart the WebSphere Application Server.
Note: For additional information about WebSphere Application Server and FIPS, see the WebSphere Application Server documentation.
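The following check is an added example, not part of the HCL or WebSphere tooling. It reads the text of java.security and ssl.client.props and reports where they differ from the steps above: IBMJCEFIPS absent (or only present in a commented-out line), IBMJCEFIPS listed after IBMJCE, or the two ssl.client.props parameters not set as shown. The function names and the sample file contents are constructed for illustration.

```python
import re
FIPS = "com.ibm.crypto.fips.provider.IBMJCEFIPS"
JCE = "com.ibm.crypto.provider.IBMJCE"
# Values the procedure above sets in ssl.client.props.
REQUIRED_SSL = {"com.ibm.security.useFIPS": "true", "com.ibm.ssl.protocol": "SSL_TLS"}

def parse_properties(text):
    """Active key=value pairs; comment lines (# or !) are ignored, last duplicate wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def provider_positions(java_security):
    """Map provider class name -> N for every active security.provider.N entry."""
    positions = {}
    for key, value in parse_properties(java_security).items():
        match = re.fullmatch(r"security\.provider\.(\d+)", key)
        if match:
            positions[value] = int(match.group(1))
    return positions

def check_fips(java_security, ssl_client_props):
    """Return a list of findings; an empty list means both files match the steps."""
    findings = []
    pos = provider_positions(java_security)
    if FIPS not in pos:
        findings.append("IBMJCEFIPS missing from active provider list")
    elif JCE in pos and pos[FIPS] > pos[JCE]:
        findings.append("IBMJCEFIPS (%d) listed after IBMJCE (%d)" % (pos[FIPS], pos[JCE]))
    ssl = parse_properties(ssl_client_props)
    for key, want in REQUIRED_SSL.items():
        if ssl.get(key) != want:
            findings.append("%s=%s, expected %s" % (key, ssl.get(key), want))
    return findings

# Constructed samples: BAD_* has IBMJCEFIPS commented out and FIPS off; GOOD_* follows the steps.
BAD_SECURITY = """#security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.1=com.ibm.crypto.provider.IBMJCE"""
BAD_SSL = "com.ibm.security.useFIPS=false\ncom.ibm.ssl.protocol=SSL_TLS"
GOOD_SECURITY = """security.provider.1=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.2=com.ibm.crypto.provider.IBMJCE"""
GOOD_SSL = "com.ibm.security.useFIPS=true\ncom.ibm.ssl.protocol=SSL_TLS"

if __name__ == "__main__":
    for finding in check_fips(BAD_SECURITY, BAD_SSL):
        print("FAIL:", finding)
```

To use it on a real profile, pass the contents of the two files named in the steps to check_fips before restarting the server.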