Generate FIPS validated certificates for the SM Server and other components
Before you can enable FIPS mode in the Service Manager (SM) system, you must obtain a CA certificates file and keystore files in PKCS12 format (with the .p12 file extension) for the SM Server and other components. These certificates are used for FIPS validated TLS connections between the SM Server and other components.
Note: In a production environment, it is recommended that you use digital security certificates issued by a certificate authority provider, such as Verisign, Thawte, or your corporate certificate authority. The digital certificate contains a public key, the identity of the owner, and a matching private key. The certificate is required to encrypt data sent and received in a “trusted” environment. If you do not have a digital certificate from a provider listed above, you have the option of generating your own certificates to enable encrypted data transfer between the Service Manager Server and the trusted clients, as described below.
- Existing customers need to either convert their existing certificates to PKCS12 format or generate new PKCS12 certificates.
  Caution: The SM Server truststore and trusted clients keystore do not contain a private key, and can work correctly in FIPS mode after conversion to PKCS12 format. However, the SM Server keystore and client keystores contain a private key. Before converting them to PKCS12 format, make sure their private key was created using either "keytool -genkey -keyalg RSA" or "keytool -genkeypair -keyalg RSA"; otherwise they cannot work correctly in FIPS mode after conversion to PKCS12 format. Before you proceed, make sure the private key of the existing JKS file was created as noted above. If not, you will need to generate a new PKCS12 certificate.
- New customers need to generate PKCS12 certificates for the SM Server, clients (Windows, Web Tier, SRC, and Mobility), as well as the Solr Search Engine server.
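One way to run the pre-conversion check from the Caution above, as an added example (not part of the original documentation or of the KM02204270 toolkit). It assumes a recent JDK whose `keytool -list -v` output includes a `Subject Public Key Algorithm` line; the function names and the sample listing are constructed for illustration.

```shell
# Constructed sample of `keytool -list -v` output (abridged; not from a real keystore).
sample_listing() {
  cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

Alias name: smserver
Entry type: PrivateKeyEntry
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: legacyclient
Entry type: PrivateKeyEntry
Subject Public Key Algorithm: 1024-bit DSA key

Alias name: rootca
Entry type: trustedCertEntry
Subject Public Key Algorithm: 256-bit EC (secp256r1) key
EOF
}

# Read `keytool -list -v` output on stdin and print every private-key entry whose
# key is not RSA, or whose algorithm line is missing (treated as "unknown").
# Trusted-certificate entries hold no private key and are not reported.
non_rsa_private_keys() {
  awk '
    function report() {
      if (is_key && alg !~ / RSA key/) print alias ": " (alg == "" ? "unknown" : alg)
    }
    /^Alias name:/ { report(); alias = $0; sub(/^[^:]*:[ \t]*/, "", alias); is_key = 0; alg = "" }
    /^Entry type:/ { is_key = ($0 ~ /PrivateKeyEntry/) }
    # Only the first certificate of a chain describes the entry key itself.
    /^Subject Public Key Algorithm:/ && alg == "" { alg = $0; sub(/^[^:]*:[ \t]*/, "", alg) }
    END { report() }
  '
}

# Convert $1 (JKS) to $2 (PKCS12) only when every private key passes the check.
# keytool prompts for the passwords, so they stay out of the process list.
convert_to_p12() {
  bad=$(keytool -list -v -keystore "$1" | non_rsa_private_keys)
  if [ -n "$bad" ]; then
    printf 'Not converting %s; regenerate these entries with -keyalg RSA:\n%s\n' "$1" "$bad" >&2
    return 1
  fi
  keytool -importkeystore -srckeystore "$1" -srcstoretype JKS \
          -destkeystore "$2" -deststoretype PKCS12
}
```

An entry reported as `unknown` means the listing did not state the key algorithm, so the entry should be inspected by hand before conversion.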
About the certificate generation toolkit
As a courtesy, we provide a certificate generation toolkit along with KM02204270 to help you generate PKCS12 certificates or convert existing certificates to PKCS12 format in an automated way.
For detailed instructions on how to use the toolkit for PKCS12 certificate generation or conversion, see the Generate FIPS validated certificates for the SM Server and other components section in KM02204270.
Example file and host names used in the documentation
The example keystore filenames and fully qualified domain names listed in the following table are used in later configuration steps. The example FQDNs assume that these components reside on different hosts. In your environment, if there are components that reside on the same host, you need to generate only one certificate for them.
Component | Keystore | Password | Description | FQDN |
---|---|---|---|---|
N/A | smcacerts.p12 | changeit | CA certificates file | |
SM Server | trustedclients.p12 | trustedclients | Trusted clients keystore | smserver.mycompany.net |
SM Server | sun-server-smserver.mycompany.net.p12 | serverkeystore | Server keystore | smserver.mycompany.net |
Windows Client | sun-sun-winhost.mycompany.net.p12 | clientkeystore | Client keystore | winhost.mycompany.net |
Web Tier | sun-sun-webhost.mycompany.net.p12 | clientkeystore | Client keystore | webhost.mycompany.net |
Mobility Client | sun-sun-mobilehost.mycompany.net.p12 | clientkeystore | Client keystore | mobilehost.mycompany.net |
SRC | sun-sun-srchost.mycompany.net.p12 | clientkeystore | Client keystore | srchost.mycompany.net |
Solr Search Engine | sun-sun-solrhost.mycompany.net.p12 | clientkeystore | Client keystore | solrhost.mycompany.net |
Chat Server | trustedclients.p12 | trustedclients | Trusted clients keystore | chatserver.mycompany.net |
Chat Server | sun-server-chatserver.mycompany.net.p12 | serverkeystore | Server keystore | chatserver.mycompany.net |
Chat Service | sun-sun-chatservicehost.mycompany.net.p12 | clientkeystore | Client keystore | chatservice.mycompany.net |
IdM Service | sun-sun-idmservicehost.mycompany.net.p12 | clientkeystore | Client keystore | idmservice.mycompany.net |