The version of OpenSSL that is shipped with vRealize Operations Manager 6.3 and later releases is FIPS 140-2 certified. However, the FIPS mode is not enabled by default.
You can enable the FIPS mode if there is a security compliance requirement to use FIPS certified cryptographic algorithms with the FIPS mode enabled.
- To replace the mod_ssl.so file run the following command:
cd /usr/lib64/apache2-prefork/ cp mod_ssl.so mod_ssl.so.old cp mod_ssl.so.FIPSON.openssl1.0.2 mod_ssl.so
- Modify your Apache2 configuration by editing the /etc/apache2/ssl-global.conf file.
- Search for the
<IfModule mod_ssl.c>line and add the
SSLFIPS ondirective below it.
- To reset the Apache configuration, run the service apache2 restart command.