Previous Topic: Predefined Queries and Reports for FIPS ModeNext Topic: Repair a FIPS-Only Agent Connected to r12 Component

Client Automation Security FeaturesFIPS-Compliant CryptographyConfigure FIPS-Compliance for DSM Web Components

Configure FIPS-Compliance for DSM Web Components

You must configure your Web Console, browser, and the web server to help ensure that the communication between web components and other DSM components is FIPS-compliant.

To configure FIPS-compliance for Client Automation Web Console

  1. Configure SSL between the following components:
    1. Client browser and Client Automation Web Console
    2. Client Automation Web Console and Client Automation web services

    Note: For more information about configuring TLS 1.0 on IIS, see the green paper titled Securing the Web Admin Console Communication Using SSL. For more information about configuring TLS 1.0 on Apache web server, see the Apache web server documentation.

  2. Configure your browser to use TLS 1.0 for communication. For more information, see the browser documentation.
  3. Configure SSL with FIPS-compliance on your web server. For information, see the your web server documentation.
  4. Modify the settings in the Install_Path\Web Console\webapps\wac\WEB-INF\classes\com\ca\wac\config\WACConfig.properties file as follows: 
    AMS_URL=https://hostname/AMS/login.do
WEBSERVICE_URL=https://hostname/UDSM_R11_WebService/mod_gsoap.dll (For Windows)
WEBSERVICE_URL=https://hostname/UDSM_R11_WebService (For Linux)
SSL_Enabled=True
TrustStoreFileFullPath=truststorepath
TrustStorePassword=password

    The Web Console is configured to use TLS for all the communication.

  5. Restart tomcat using the following commands: 
    caf stop tomcat
caf start tomcat

    The updated configurations take effect after tomcat is restarted successfully.