This section explains how to copy required files and configure the FIPS-supported redirector plug-in for Apache. It assumes you have already installed and configured the plug-in for non-FIPS use and updated this installation by following the instructions described in “Adding FIPS and TLS support to the Web server redirector plug-ins”.
Edit the httpd.conf file to load the FIPS-supported redirector module. The following lines illustrate a sample httpd.conf file that supports FIPS and TLS. The only difference from a non-FIPS sample is that the file libjeas2_mod.sl is replaced with libjeas2_mod_f140.sl. For example:
LoadModule easredirector_module lib/libjeas2_mod_f140.sl EASConfigFile WEB_SERVER_HOME/conf/conn_config ServerName www.myhost.com <LocationMatch /examples/*|/estore/* > SetHandler eas-handler </LocationMatch>
Copy the required libraries. When you initially installed the non-FIPS-supported Apache Web server plug-in, and used WEB_SERVER_HOME as the location of the Apache Web server software, you copied the libraries listed below from your $JAGUAR/lib directory to the WEB_SERVER_HOME/lib directory:
libjcc.sl
libjcomm_r.sl
libjctssecct.sl
libjeas2_mod.sl
libjeas2eapi_mod.sl
libjinsck_r.sl
libjintl_r.sl
libjspks_r.sl
libjsybscl_r.sl
libjsybcki_r.sl
libjtml_r.sl
libjutils.sl
To support FIPS and TLS, you must copy the following libraries from the EAServer/lib subdirectory that was created when you ran the EAServer 5.2 installation program into the WEB_SERVER_HOME/lib directory:
libdefaultsbg.sl
libjctssecct_f140.sl
libjsbgpks_r.sl
libjeas2_mod_f140.sl (Apache version 2.0 FIPS-supported library)
libjsybckif140_r.sl
libsbgse2.sl
Verify that the Web redirector plug-in still works for your HTTP connections.
Enable FIPS for the redirector plug-in and establish HTTPS connections. See “Managing FIPS for the redirector plug-ins”