The version of OpenSSL that is shipped with vRealize Operations Manager 6.3 and later releases is FIPS 140-2 certified. However, the FIPS mode is not enabled by default.

About this task

You can enable the FIPS mode if there is a security compliance requirement to use FIPS certified cryptographic algorithms with the FIPS mode enabled.

Procedure

  1. To replace the mod_ssl.so file run the following command:
    cd /usr/lib64/apache2-prefork/
    cp mod_ssl.so mod_ssl.so.old
    cp mod_ssl.so.FIPSON.openssl1.0.2 mod_ssl.so
    
  2. Modify your Apache2 configuration by editing the /etc/apache2/ssl-global.conf file.
  3. Search for the <IfModule mod_ssl.c> line and add the SSLFIPS on directive below it.
  4. To reset the Apache configuration, run the service apache2 restart command.