SSL Configuration for FIPS ONLY Mode

For an installation of the Agent for SharePoint in FIPS ONLY mode, the required configuration for SSL support is listed in the following procedure.

follow these steps:

Verify OPENSSL_FIPS environment variable is set to 1 and that the CA_SM_PS_FIPS140 environment variable is set to ONLY.
Generate a server key. Specify the size of key as at least 1024 KB. Be sure that the algorithm (des3 in the example following) is FIPS-compliant. For example:
```
openssl genrsa -des3 -out server.key 1024
```

Generate a Certificate Signing Request (CSR) as shown in this example:

openssl req -config openssl.cnf -new -key server.key -out server.csr

Have the certificate signed by a Certificate Authority (CA).
Install the signed certificate.
Verify that in the httpd-ssl.conf file the directives/paths of the server key and certs are correct.
Verify that the value of the SSLPassPhraseDialog variable in the httpd-ssl.conf file (located in Agent-for-SharePoint_home\httpd\conf\extra folder) is set to custom.
Verify that the value of the SSLCustomPropertiesFile variable is set to <Agent-for-SharePoint_home>/Tomcat/properties/spsssl.properties.
Enable SSL on the Agent for SharePoint as follows:
On UNIX
1. Enter the following command:
```
Agent-for-SharePoint_home/proxy-engine/configssl.sh passphrase 
```
  Note: The passphrase is the same one provided to the key in Step 2.
  
  This command encrypts the passphrase and stores it in spsssl.properties file.
2. Enter the following command:
```
Agent-for-SharePoint_home/proxy-engine/sps-ctl startssl
```
  SSL is enabled.

On Windows