SSL Configuration for FIPS COMPAT and MIGRATE Modes

The procedure for enabling SSL on the Agent for SharePoint varies slightly depending on the FIPS mode. In a new installation with FIPS in COMPAT or MIGRATE mode, configure SSL with the following steps. With a new installation or migration to FIPS in ONLY mode, additional steps are required.

Follow these steps:

  1. Enter the following command to generate a Private RSA Key (also referred to as the server key):
    openssl genrsa -des3 -out server.key
    
  2. To remove the encryption from a private key, follow these steps:
    1. Make a copy of the encrypted key as a backup, for example:
       copy server.key server.key.org
  3. Enter the following command to remove encryption:
    openssl rsa -in server.key.org -out server.key
    
  4. Enter the following command to generate a Certificate Signing Request (CSR):
    openssl req -config openssl.cnf -new -key server.key -out server.csr
    
  5. Have the certificate signed by a Certificate Authority (CA).
  6. Install the signed certificate.
  7. Verify that the directives in the httpd-ssl.conf file point to the correct paths for the server key and certificates.
  8. Enable SSL on the Agent for SharePoint:

    On UNIX:

    Agent-for-SharePoint_home/proxy-engine/sps-ctl startssl
    

    On Windows:

    Agent-for-SharePoint_home\httpd\bin\configssl.bat -enable
    
  9. Restart the Agent for SharePoint.

    The Agent for SharePoint is configured for SSL.

If at a later time you want to run without SSL, enter this command:

Agent-for-SharePoint_home\httpd\bin\configssl.bat -disable
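
The key and CSR steps above leave an unencrypted server.key, an encrypted backup server.key.org, and server.csr on disk. The following script is an added example, not part of the product or its documentation: on a UNIX host it confirms which key files are passphrase-protected, checks that the CSR was generated from server.key, and restricts both key files to their owner. The function names and the `check` argument are illustrative.

```sh
#!/bin/sh
# Added example (not vendor code): checks on the files this procedure
# leaves on a UNIX host. server.key, server.key.org and server.csr are the
# page's file names; the function names are illustrative.

# Succeeds if the PEM private key in $1 is passphrase-protected. Covers the
# traditional format (Proc-Type header) and PKCS#8 (ENCRYPTED PRIVATE KEY).
key_is_encrypted() {
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
        "$1" 2>/dev/null
}

# Restrict a key file to its owner; once the passphrase is removed, file
# permissions are the only protection the key has.
lock_down() {
    chmod 600 "$1"
}

# Succeeds if the CSR in $2 carries the public key of the private key in $1.
csr_matches_key() {
    cmk_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    cmk_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cmk_key" ] && [ "$cmk_key" = "$cmk_csr" ]
}

# Run all checks against the directory in $1 (default: current directory).
check_tls_files() {
    ctf_dir=${1:-.}; ctf_rc=0
    if key_is_encrypted "$ctf_dir/server.key"; then
        echo "server.key is still passphrase-protected"; ctf_rc=1
    elif ! csr_matches_key "$ctf_dir/server.key" "$ctf_dir/server.csr"; then
        echo "server.csr was not generated from server.key"; ctf_rc=1
    fi
    if [ -f "$ctf_dir/server.key.org" ] && ! key_is_encrypted "$ctf_dir/server.key.org"; then
        echo "backup server.key.org is not encrypted"; ctf_rc=1
    fi
    for ctf_f in server.key server.key.org; do
        if [ -f "$ctf_dir/$ctf_f" ]; then lock_down "$ctf_dir/$ctf_f"; fi
    done
    return "$ctf_rc"
}

if [ "${1:-}" = "check" ]; then check_tls_files "${2:-.}"; fi
```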