Enabling FIPS

Last Updated: Jun 05, 2026

About this task

Use this procedure to enable FIPS 140-2 mode.

Important:

Default identity certificates issued by the EP Signing Certificate are no longer supported when FIPS is enabled. You must disable the EP Signing Certificate and install custom identity certificates on the Experience Portal servers.

For more information on uploading identity certificates, see the following sections:

Procedure

  1. Do the following from a local Linux console as a root user:
    • Enable FIPS at OS level by running the fips-mode-setup --enable command.

      Note:

      Software-only customers using RHEL 7 can follow the procedure that is provided in the Red Hat customer portal for controlling FIPS mode in the operating system. For details, see How can I make RHEL 6/7/8 FIPS 140-2 compliant?

    • Run the reboot command to reboot the system.

      Note:

      Rebooting the system enables FIPS at the JVM level.

  2. Log in again and run the following commands to verify that FIPS is active:

    cat /proc/sys/crypto/fips_enabled

    sysctl crypto.fips_enabled

    If both commands report the value 1, FIPS is enabled.

    cat /proc/sys/crypto/fips_enabled
     see: "1"

    sysctl crypto.fips_enabled
     see: "crypto.fips_enabled = 1"

    To check FIPS at the JVM level, also run:

    grep "JVM FIPS" "$CATALINA_HOME/logs/catalina.out" | tail -n 1

    If FIPS is enabled, catalina.out has the following log:

    VPServlet::initialize JVM FIPS is enabled
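
The verification in step 2 written as a script, for use in a post-reboot check or a monitoring job. This is an added example, not part of the original procedure or the vendor's code; the function names and the optional path arguments are assumptions, while the default paths and the log text are the ones shown above.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the optional path
# arguments are assumptions; the default paths and the log text are the
# ones shown in the procedure above.

# Kernel layer. `sysctl crypto.fips_enabled` reports this same value.
# Returns 0 if the flag is 1, 1 if it is anything else, 2 if unreadable.
kernel_fips_enabled() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] || return 2
    [ "$(cat "$flag_file")" = "1" ]
}

# JVM layer. Only the most recent "JVM FIPS" line counts, matching the
# grep | tail -n 1 command above. No matching line means not confirmed.
jvm_fips_enabled() {
    log_file="${1:-${CATALINA_HOME:-}/logs/catalina.out}"
    [ -r "$log_file" ] || return 2
    last_line="$(grep "JVM FIPS" "$log_file" | tail -n 1)"
    case "$last_line" in
        *"JVM FIPS is enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report both layers; succeed only when both are in FIPS mode.
fips_report() {
    rc=0
    if kernel_fips_enabled "${1:-}"; then
        echo "kernel: FIPS enabled"
    else
        echo "kernel: FIPS not enabled (or flag unreadable)"; rc=1
    fi
    if jvm_fips_enabled "${2:-}"; then
        echo "JVM: FIPS enabled"
    else
        echo "JVM: FIPS not confirmed in catalina.out"; rc=1
    fi
    return "$rc"
}
```

Source the file and run `fips_report` with no arguments to check the live system; a non-zero exit status means at least one of the two layers is not confirmed to be in FIPS mode.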