The vRealize Automation appliance now uses the Federal Information Processing Standard (FIPS) 140-2 certified version of OpenSSL for data-in-transit over TLS on all inbound and outbound network traffic.
You can enable or disable FIPS mode in the vRealize Automation appliance management interface. You can also configure FIPS from the command line while logged in as root, using the following commands:
```
vcac-vami fips enable
vcac-vami fips disable
vcac-vami fips status
```
When FIPS is enabled, inbound and outbound vRealize Automation appliance network traffic on port 443 uses FIPS 140-2 compliant encryption. Regardless of the FIPS setting, vRealize Automation uses AES-256 to protect secured data stored on the vRealize Automation appliance.
Currently vRealize Automation only partially enables FIPS compliance, because some internal components do not yet use certified cryptographic modules. Where certified modules have not yet been implemented, AES-256-based encryption is used in all cryptographic algorithms.
The following procedure will reboot the physical machine when you alter the configuration.
- Log in as root to the vRealize Automation appliance management interface.
- Select .
- Click the button under the Actions heading on the upper right to enable or disable FIPS.
- Click Yes to restart the vRealize Automation appliance.
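After the appliance restarts, the TLS suite negotiated on port 443 can be inspected from a client. The following is an added example, not VMware code: the host name is a placeholder and the pass rule (AES suites only) is an assumption of the example. It checks the negotiated algorithms only and cannot show whether the cryptographic module behind them is FIPS 140-2 validated.

```python
import re
import socket
import ssl
import sys

# OpenSSL name tokens for algorithms that are not FIPS-approved, plus
# anonymous, export-grade and NULL suites.
NON_APPROVED = ("RC4", "MD5", "CHACHA20", "CAMELLIA", "ARIA", "SEED",
                "IDEA", "NULL", "EXP", "ADH", "AECDH")


def is_fips_approved_suite(name):
    """True if the suite encrypts with AES and uses no token from NON_APPROVED.

    Policy assumption of this example: only AES suites pass, so a 3DES
    suite such as DES-CBC3-SHA is reported as a failure.
    """
    tokens = re.split(r"[-_]", name.upper())
    if any(t.startswith(NON_APPROVED) for t in tokens):
        return False
    return any(t.startswith("AES") for t in tokens)


def probe(host, port=443, timeout=5.0):
    """Connect and return (suite name, protocol version, secret bits)."""
    ctx = ssl.create_default_context()
    # Appliance certificates are often self-signed. This probe only reads
    # the negotiated suite, so certificate validation is switched off here;
    # do not reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()


if __name__ == "__main__":
    # Placeholder host name; pass the real appliance address as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "vra-appliance.example.test"
    suite, protocol, bits = probe(target)
    verdict = "OK" if is_fips_approved_suite(suite) else "NOT APPROVED"
    print(f"{target}:443 {protocol} {suite} ({bits} bits): {verdict}")
    sys.exit(0 if verdict == "OK" else 1)
```

The probe reports the suite that this client and the appliance agree on, so run it from a host whose own OpenSSL offers a broad set of suites.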