Enabling TLS-secure listeners  Upgrading the test CA and sample certificates

Chapter 9: Using TLS and FIPS in EAServer

Enabling FIPS

You can enable or disable FIPS from either:

If FIPS mode is enabled, EAServer logs the message FIPS 140-2 mode enabled to the console. If the mode is not set, no message is logged.

Enabling FIPS has the following effect on EAServer:

Enabling FIPS mode from EAServer Manager and Security Manager

You can enable or disable FIPS on EAServer from EAServer Manager. Or use the standalone Security Manager to enable or disable FIPS in client-side applications, such as PowerBuilder, stand-alone Java, C++, CORBA, Web server redirectors, and so on.

Expand the EAServer Manager (or Security Manager) icon, highlight the Cryptographic Modules folder, and select the FIPS mode icon. A dialog box displays Enabled or Disabled and allows you to change the setting.

StepsEnabling FIPS from EAServer Manager or Security Manager

  1. Select the Certificates folder.

  2. Select the Cryptographic Modules folder. Enter the PIN that allows you to connect to the EAServer’s PKCS #11 token. The default value is “sybase”.

  3. Right-click the FIPS mode icon and select Properties. Click the Enable FIPS mode check box to enable FIPS.

  4. Restart each server or Web server (for redirector plug-ins) for which you want to enable FIPS. If there are multiple EAServers, you must restart each one to enable FIPS. The same is true if you disable FIPS.

Disabling TLS support

To disable TLS support, and only support SSL, set the environment variable JAGSSL to true in the serverstart.bat file before you start EAServer. You can also set this environment variable in an EAServer client installation:

set JAGSSL=true

Copyright © 2005. Sybase Inc. All rights reserved. Upgrading the test CA and sample certificates