10.2.2. Enabling FIPS Mode for Applications Using NSS

The procedure for enabling FIPS mode on Red Hat Enterprise Linux systems described in Section 10.2.1, “Enabling FIPS Mode” does not affect the FIPS state of Network Security Services (NSS), and thus does not affect applications using NSS. When required, the user can switch any NSS application to FIPS mode using the following command:

~]# modutil -fips true -dbdir dir

Replace dir with the directory specifying the NSS database used by the application. If more than one NSS application uses this database, all these applications will be switched into FIPS mode. The applications have to be restarted for the NSS FIPS mode to take effect.

Provided that the nss-sysinit package is installed, and the application whose NSS database you need to locate opens the /etc/pki/nssdb file, the path to the user NSS database is ~/.pki/nssdb.

To enable FIPS mode for the Firefox web browser and the Thunderbird email client, go to Edit Preferences Advanced Certificates Security Devices Enable FIPS.