FIPS-related jagtool commands

This section describes the jagtool commands getfipsmode and setfipsmode. For complete instructions on using jagtool, see Chapter 12, “Using jagtool and jagant” in the EAServer System Administration Guide.

getfipsmode

Displays true if FIPS is enabled for an EAServer client or server’s runtime; false if FIPS is not enabled.

Syntax

Local mode support: No.

Command line:

getfipsmode [ connect-args ] -pkcs11pin value -active value

Ant build file, specifying properties from an optional file:

<jag_get_fipsmode pkcs11pin=”value” active=”true” />

Ant build file, specifying properties directly:

<jag_get_fipsmode pkcs11pin=”value” >
  <active=”true” />
   ....
</jag_enablefips>

Option	Description	Required
connect-args	Arguments to specify a connection to the server or run in local mode. In connected mode, jagtool connects to an EAServer using a network connection.	Yes
pkcs11pin	The PIN of the PKCS #11 module.	Yes
active	Returns the mode that the client or server is using. True if in FIPS mode; false if not.	Yes

Option

Description

Required

connect-args

Arguments to specify a connection to the server or run in local mode.

In connected mode, jagtool connects to an EAServer using a network connection.

Yes

pkcs11pin

The PIN of the PKCS #11 module.

Yes

active

Returns the mode that the client or server is using. True if in FIPS mode; false if not.

Yes

Examples

Example 2

This example indicates whether or not FIPS is enabled for the PKCS #11 module, which is using the default PIN.

Command line:

jagtool getfipsmode -pkcs11pin sybase -active true

Ant build file:

<jag_get_fipsmode pkcs11pin="sybase" active=”true” />

setfipsmode

Turns FIPS mode on or off for an EAServer server or client.