Administer > System security > FIPS mode > Configuring FIPS mode in Service Manager > Configure FIPS mode in the Mobility Client

Configure FIPS mode in the Mobility Client

Once FIPS mode is enabled on the SM Server side, you need to enable FIPS validated data encryption and TLS connections between the Service Manager Server and Mobility Client.

Prerequisites

Before you proceed, make sure of the following:

  1. You have already configured Mobility Client's JRE for FIPS mode. For details, see the Mobility Client section in Configure Java for FIPS mode.

  2. You have already generated a CA certificates file and a client keystore for the Mobility Client host. For details, see Generate FIPS validated certificates for the SM Server and other components.

    • The CA certificates file: \certs\smcacerts.p12
    • The Mobility Client keystore file: \key\sun-sun-<Mobility Client host FQDN>.p12 (for example, sun-sun-mobilehost.mycompany.net.p12)
  3. You have enabled FIPS mode on the SM Server side. For details, see Configure FIPS mode in the Server.

To enable FIPS mode in the Mobility Client, follow these steps:

  1. Copy the certificate files to the Mobility Client's WEB-INF folder (webapp-9.xx.xxxx.war\WEB-INF\):

    • The CA certificates file: smcacerts.p12
    • The Mobility Client keystore file: sun-sun-<Mobility Client host FQDN>.p12 (for example, sun-sun-mobilehost.mycompany.net.p12)
  2. Open the web.properties file in the Mobility Client's WEB-INF folder in a text editor.
  3. Configure the following parameters in the file and then save the file:

    endpoint=https://smserver.mycompany.net:13443/SM/ui
    fipsMode=true
    cacerts=/WEB-INF/smcacerts.p12
    keystore=/WEB-INF/sun-sun-mobilehost.mycompany.net.p12
    keystorePassword=clientkeystore
    cacertsPassword=changeit
    
  4. Restart the Mobility Client's web application server (Tomcat or WebSphere).
  5. Make sure the SM Server is started.
  6. Log in to the Mobility Client.

    If FIPS mode has been enabled correctly in the Mobility Client, you should be logged in successfully.

Next step:

Configure FIPS mode in Service Request Catalog (SRC)