The vRealize Automation appliance now uses the Federal Information Processing Standard (FIPS) 140-2 certified version of OpenSSL for data-in-transit over TLS on all inbound and outbound network traffic.

About this task

You can enable or disable FIPS mode in the vRealize Automation virtual appliance management interface. You can also configure FIPS from the command line while logged in as root, using the following commands:

vcac-vami fips enable
vcac-vami fips disable
vcac-vami fips status

When FIPS is enabled, inbound and outbound vRealize Automation appliance network traffic on port 443 uses FIPS 140-2 compliant encryption. Regardless of the FIPS setting, vRealize Automation uses AES-256 to protect secured data stored on the vRealize Automation appliance.

Note:

Currently, vRealize Automation only partially enables FIPS compliance, because some internal components do not yet use certified cryptographic modules. Where certified modules have not yet been implemented, AES-256 based encryption is used in all cryptographic algorithms.

Procedure

  1. Log in as root to the vRealize Automation appliance management interface.

    https://vrealize-automation-appliance-FQDN:5480

  2. Select vRA Settings > Host Settings.
  3. Click the button under the Actions heading on the upper right to enable or disable FIPS.
  4. Click Yes to restart the vRealize Automation appliance.
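
A check that can be run from an administration workstation after the restart, given here as an added example that is not VMware tooling: it reads the cipher suite negotiated on port 443 with `openssl s_client` and flags anything that is not an authenticated AES suite for review. The function names and the sample output are constructed for illustration, and the check inspects algorithm names only, so it cannot confirm that a FIPS 140-2 certified module is in use.

```shell
#!/bin/sh
# Added example (not VMware code): heuristic review of the TLS cipher suite
# negotiated with the appliance on port 443. Assumes the openssl CLI is
# installed on the workstation running the check.

# Extract the negotiated suite from `openssl s_client` output read on stdin.
parse_cipher() {
  awk '/Cipher is /{print $NF; exit}'
}

# Classify an OpenSSL suite name. Only authenticated AES suites pass; anything
# else (including 3DES, kept conservative here) is flagged for manual review.
classify_cipher() {
  case "$1" in
    ""|"(NONE)")                echo "no-handshake" ;;
    *ADH*|*AECDH*|*NULL*|*EXP*) echo "review" ;;  # anonymous, null, export
    *RC4*|*MD5*|*CHACHA20*|*CAMELLIA*|*SEED*|*IDEA*) echo "review" ;;
    *AES*)                      echo "aes-suite" ;;
    *)                          echo "review" ;;
  esac
}

# Connect to HOST (port defaults to 443) and print "<suite> <verdict>".
check_host() {
  suite=$(openssl s_client -connect "$1:${2:-443}" -servername "$1" \
            </dev/null 2>/dev/null | parse_cipher)
  echo "${suite:-(NONE)} $(classify_cipher "$suite")"
}

# Constructed sample of s_client output, for trying the parser offline.
SAMPLE_OUTPUT='---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
---'

# Usage: sh check_fips_tls.sh vrealize-automation-appliance-FQDN
if [ "$#" -ge 1 ]; then
  check_host "$@"
fi
```

Pair the result with `vcac-vami fips status` on the appliance; a `review` verdict means the negotiated suite should be examined against the organization's FIPS policy.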