Chapter 5. Running Directory Server in FIPS mode
Directory Server fully supports the Federal Information Processing Standard (FIPS) 140-2. When you run Directory Server in FIPS mode, security-related settings change. For example, SSL is automatically disabled and only TLS 1.2 and 1.3 encryption is used.
5.1. Enabling the FIPS mode
To use Directory Server in Federal Information Processing Standard (FIPS) mode, enable the mode in RHEL and Directory Server.
Prerequisites
- You enabled the FIPS mode in RHEL.
Procedure
Enable the FIPS mode for the network security services (NSS) database:
# modutil -dbdir /etc/dirsrv/slapd-instance_name/ -fips true
Restart the instance:
# dsctl instance_name restart
Verification
Verify that FIPS mode is enabled for the NSS database:
# modutil -dbdir /etc/dirsrv/slapd-instance_name/ -chkfips true
FIPS mode enabled.
The command returns "FIPS mode enabled." if the module is in FIPS mode.
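The prerequisite and the verification step above can be checked for every instance on a host in one pass. The following script is an added example, not part of the product documentation; the function names are hypothetical, and it assumes that instance NSS databases are in /etc/dirsrv/slapd-instance_name/ and that the RHEL kernel FIPS flag is /proc/sys/crypto/fips_enabled.

```bash
#!/usr/bin/env bash
# Added example (not from the product documentation): FIPS audit for Directory Server.
# Assumptions: NSS databases live in /etc/dirsrv/slapd-<instance>/ as on this page,
# and the RHEL kernel FIPS flag is /proc/sys/crypto/fips_enabled.

# Return 0 only if the kernel FIPS flag file contains "1" (the prerequisite).
kernel_fips_enabled() {
    local flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] && [ "$(tr -d '[:space:]' < "$flag_file")" = "1" ]
}

# Classify the output of `modutil -chkfips true` read from stdin.
nss_fips_state() {
    case "$(cat)" in
        *"FIPS mode enabled"*)  echo enabled ;;
        *"FIPS mode disabled"*) echo disabled ;;
        *)                      echo unknown ;;   # for example, modutil error text
    esac
}

# Print "<instance> <state>" per instance; return 1 if the kernel or any
# instance is not in FIPS mode. Arguments are overridable for testing.
audit_instances() {
    local root="${1:-/etc/dirsrv}"
    local modutil_cmd="${2:-modutil}"
    local flag_file="${3:-/proc/sys/crypto/fips_enabled}"
    local rc=0 dir name state
    if ! kernel_fips_enabled "$flag_file"; then
        echo "kernel not-enabled"
        rc=1
    fi
    for dir in "$root"/slapd-*/; do
        [ -d "$dir" ] || continue          # glob matched nothing
        name="${dir%/}"
        name="${name##*/slapd-}"
        state="$("$modutil_cmd" -dbdir "$dir" -chkfips true 2>&1 | nss_fips_state)"
        echo "$name $state"
        if [ "$state" != "enabled" ]; then rc=1; fi
    done
    return "$rc"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_instances
fi
```

Run the script with --audit; a non-zero exit status means that the kernel or at least one instance is not in FIPS mode.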