This section tells you how to copy required files and configure the FIPS-supported redirector plug-in for Apache. It assumes you have already installed and configured the plug-in for non-FIPS use and updated this installation by following the instructions described in “Adding FIPS and TLS support to the Web server redirector plug-ins”.
Edit the httpd.conf file to load the FIPS-supported redirector module. The following lines illustrate a sample httpd.conf file that supports FIPS and TLS. The only difference from a non-FIPS sample is that the file libjeas2_mod.so is replaced with libjeas_mod2_f140.so. For example:
LoadModule easredirector_module libexec/libjeas_mod2_f140.so EASConfigFile WEB_SERVER_HOME/conf/conn_config ServerName www.myhost.com <LocationMatch /examples/*|/estore/* > SetHandler eas-handler </LocationMatch>
Copy the required libraries. When you initially installed the non-FIPS-supported Apache Web server plug-in, and used WEB_SERVER_HOME as the location of the Apache Web server software, you copied the libraries listed below from your $JAGUAR/lib directory to the WEB_SERVER_HOME/libexec directory:
libjcc.so
libjctssecct.so
libjeas_mod.so (for Apache version 1.3.26) or libjeas2_mod.so (for Apache version 2.0)
libjinsck64_r.so
libjintl_r.so
libjspks_r.so
libjsybscl_r.so
libjtli_r.so
libjtml_r.so
libjutils.so
To support FIPS and TLS you must copy the following libraries from the EAServer/lib subdirectory that was created when you ran the EAServer 5.2 installation program into the WEB_SERVER_HOME/libexec directory:
libjctssecct_f140.so
libjsbgpks_r.so
libjeas2_mod_f140.so (Apache version 2.0 FIPS-supported library)
libsbgse2.so
Verify that the Web redirector plug-in still works for your HTTP connections.
Enable FIPS for the redirector plug-in and establish HTTPS connections. See “Managing FIPS for the redirector plug-ins”
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
