Troubleshooting certificate compliance issues

When you enable Verify Identity Access applications to implement a security compliance standard, certain settings are required.

The required settings apply to the following security standards:
  • FIPS 140-2
  • NIST Special Publication 800-131a (or SP 800-131a) Transition
  • NIST SP 800-131a Strict
  • National Security Agency (NSA) Suite B 128-bit
  • NSA Suite B 192-bit

To ensure a successful regeneration of the Verify Identity Access side of the certificates, see the Administering topics in the IBM Knowledge Center.

WebSphere® Application Server, version 8.0, requires certain settings to properly enable compliance. See http://publib.boulder.ibm.com/infocenter/ieduasst/v1r1m0/index.jsp?topic=/com.ibm.iea.was_v8/was/8.0.0.3/Security/WASV8003_SecurityCryptoSignatureAlgorithm/player.html

To support NIST SP 800-131 and NSA Suite B, you must use IBM® WebSphere Application Server, version 8.0.0.3 or later.

Other troubleshooting tips:
  • Check browser configuration

    Your browser might not support the TLS protocol, or might not be configured to support it.

    TLS 1.2 is not enabled by default. Check your browser documentation for instructions on how to enable TLS version 1.2.

    For example, for Internet Explorer, version 8 on Windows™ 7 and Windows 2008, go to Tools > Internet Options > Advanced (Tab) > Security and select Use TLS 1.2.

  • Check user registry configuration

    Changing an SSL protocol to TLS, version 1.2, can affect communication between WebSphere Application Server and the user registry. If you receive an error message about a failed connection, check your user registry configuration.

    The user registry must support TLS, version 1.2, if you use an SSL connection.
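
One way to check whether the user registry accepts a TLS 1.2 connection, and to tell a protocol failure apart from a network or certificate-trust failure. This is an added example, not IBM code; the function names, the status strings, and the host and port passed on the command line are assumptions of the example.

```python
import socket
import ssl
import sys


def tls12_only_context() -> ssl.SSLContext:
    """Client context that offers TLS 1.2 and nothing older or newer."""
    ctx = ssl.create_default_context()  # certificate verification stays on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_tls12(host: str, port: int, timeout: float = 5.0) -> tuple[str, str]:
    """Return (status, detail) for a TLS 1.2-only handshake with host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Network problem (refused, filtered, DNS), not a protocol problem.
        return "unreachable", str(exc)
    with sock:
        try:
            with tls12_only_context().wrap_socket(sock, server_hostname=host) as tls:
                return "ok", f"{tls.version()} {tls.cipher()[0]}"
        except ssl.SSLCertVerificationError as exc:
            # The certificate is sent after TLS 1.2 has been agreed, so the
            # protocol is supported; this client just does not trust the cert.
            return "ok-untrusted-cert", exc.verify_message
        except OSError as exc:
            # ssl.SSLError and timeouts land here, for example a registry
            # that only speaks an older protocol or is not using SSL at all.
            return "handshake-failed", str(exc)


if __name__ == "__main__":
    # Usage: python probe_tls12.py <registry-host> <ssl-port>
    status, detail = probe_tls12(sys.argv[1], int(sys.argv[2]))
    print(f"{status}: {detail}")
    sys.exit(0 if status.startswith("ok") else 1)
```

A `handshake-failed` result against the registry's SSL port points at the registry's protocol configuration; `unreachable` points at the network path instead.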