The version of OpenSSL that is shipped with vRealize Operations Manager 6.3 and later releases is FIPS 140-2 certified. However, the FIPS mode is not enabled by default.

You can enable the FIPS mode if there is a security compliance requirement to use FIPS certified cryptographic algorithms with the FIPS mode enabled.

Enabling FIPS mode:
  1. Log in to each cluster node as root using SSH or console.
  2. Open the /etc/httpd/httpd.conf file in a text editor.
  3. Add SSLFIPS on at the end of the config file.
  4. Save and close the file.
  5. Reset the Apache configuration with the service httpd restart command.
Verifying FIPS mode:
  1. After an httpd service restart, open the /var/log/httpd/error.log log file.
  2. Search for the log event called Operating in SSL FIPS mode.
Disabling FIPs mode:
  1. Log in to each cluster node as root using SSH or console.
  2. Open the /etc/httpd/httpd.conf file in a text editor.
  3. Search for the SSLFIPS line and replace SSLFIPS on with SSLFIPS off.
  4. Reset the Apache configuration with the service httpd restart command.