Updating cryptographic modules for FIPS

FIPS installation only

As part of the FIPS installation, the cryptographic modules must be updated on all of your IBM QRadar appliances.

Before you begin

Go to Fix Central to obtain the 7.5.0-QRADAR-QRSIEM-FIPS-Crypto-Modules which contains the following files:
  • QRadar FIPS OpenSSL RPM
  • QRadar FIPS IBMJCEPlusFIPS compressed file

Procedure

  1. On each host, install the QRadar FIPS OpenSSL rpm by running the following command: yum install <QRadar FIPS OpenSSL>.rpm.
  2. Complete the following steps to install the QRadar FIPS IBMJCEPlusFIPS compressed file.
    1. To extract the compressed files, type the following command: tar -xvf <QRadar FIPS IBMJCEPlusFIPS>.tar to extract the compressed files.
    2. Run the following commands to back up the existing files.
      • cp /opt/ibm/java-x86_64-80/jre/lib/icc/C/icc/icclib/ICCSIG.txt /opt/ibm/java-x86_64-80/jre/lib/icc/C/icc/icclib/ICCSIG.txt.bak
      • cp /opt/ibm/java-x86_64-80/jre/lib/icc/C/icc/icclib/libicclib084.so /opt/ibm/java-x86_64-80/jre/lib/icc/C/icc/icclib/libicclib084.so.bak
    3. Copy the new updated files to their correct location by typing the following commands.
      • cp ICCSIG.txt /opt/ibm/java-x86_64-80/jre/lib/icc/C/icc/icclib/ICCSIG.txt
      • cp libicclib084.so /opt/ibm/java-x86_64-80/jre/lib/icc/C/icc/icclib/libicclib084.so
  3. Restart each appliance to ensure that the new files were created successfully.