10.2.2. Enabling FIPS Mode for Applications Using NSS


The procedure for enabling FIPS mode on Red Hat Enterprise Linux systems described in Section 10.2.1, “Enabling FIPS Mode” does not affect the FIPS state of Network Security Services (NSS), and thus does not affect applications using NSS. When required, the user can switch any NSS application to FIPS mode using the following command:
~]# modutil -fips true -dbdir dir
Replace dir with the directory specifying the NSS database used by the application. If more than one NSS application uses this database, all these applications will be switched into FIPS mode. The applications have to be restarted for the NSS FIPS mode to take effect.
Provided that the nss-sysinit package is installed, and the application whose NSS database you need to locate opens the /etc/pki/nssdb file, the path to the user NSS database is ~/.pki/nssdb.
To enable FIPS mode for the Firefox web browser and the Thunderbird email client, go to Edit Preferences Advanced Certificates Security Devices Enable FIPS.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.