Configuring the server to achieve FIPS compliance

You can assure compliance with the FIPS 140-2 standard by modifying the configuration properties for the underlying application server.


  1. Edit your file that is in the following directory: installation_dir/jre/lib/security/. Put the before the IBMJCE one in the provider list. Ensure that the list is correctly numbered.
  2. Add the property to the jvm.options file. The property allows the Java Secure Socket Extension (JSSE2) provider to run in FIPS 140-2 mode.
    Note: Your certificates must have a key that is at least 1024 bits long and can be signed with a DSA or RSA signature algorithm. You can use the IBM keytool utility to generate a compatible key pair.
  3. To use the TLS protocol, configure secure communication.

    A number of ciphers are supported by FIPS 140-2. The default HTTPS configuration automatically enables the FIPS 140-2 compliant ciphers when JSSE is running in FIPS mode. You can enable specific ciphers by listing them in the enabledCiphers attribute of the SSL service configuration element in the server.xml file.