diff --git a/modules/ROOT/pages/fips-140-2-compliance-support.adoc b/modules/ROOT/pages/fips-140-2-compliance-support.adoc index 611dc2ec21..a8c1d1db3d 100644 --- a/modules/ROOT/pages/fips-140-2-compliance-support.adoc +++ b/modules/ROOT/pages/fips-140-2-compliance-support.adoc @@ -45,7 +45,7 @@ The following shows how to install and configure Bouncy Castle security provider + image::fips-install-jars.png[FIPS-install-jars] + -. Register the security provider in the security properties file in the `$JAVA_HOME/lib/security` folder: +. Register the security provider in the security properties file in the `$JAVA_HOME/lib/security/java.security` folder: + .. Open the `java.security` file to add your provider's class (for example, `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider`) as the first item in the list of providers. + @@ -71,6 +71,7 @@ The following shows how to install and configure Bouncy Castle security provider Provider:bc-fips-1.0.2.4 TLS: bctls-fips-1.0.17.jar PKIX: bcpkix-fips-1.0.7.jar ---- + +. Register the security provider in the security properties file in the `$JAVA_HOME/conf/security/java.security` folder so that only the Bouncy Castle providers are set. . Copy the 3 files downloaded to `/lib/boot` (needed for Mule runtime) and `/mule-agent-plugin/lib` (needed for Mule agent) folders in Mule runtime. . Run `amc_setup` and register Mule runtime. For example, in *Add Server*, you find the registration token `/amc_setup -H d32c4bde-7184-444a-bd87-7a274623e14f---704247 node10 --fips`, where `d32c4bde-7184-444a-bd87-7a274623e14f---704247` is the key from Anypoint Runtime Manager. . To enable FIPS, update `$MULE_HOME/conf/wrapper.conf`. Add the properties `wrapper.java.additional.=-Dmule.security.model=fips140-2` and `wrapper.java.additional.=-Dmule.cluster.network.encryption.key={someKey}`, where `someKey` is the key from your cluster that needs to be defined if you are using a clustered environment.
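Review bot: In the first hunk (@@ -45,7 +45,7), the changed step now points at `$JAVA_HOME/lib/security/java.security` but still ends with "folder", so the sentence describes a file as a directory. Suggest wording it as "in the `$JAVA_HOME/lib/security/java.security` file". The substep that follows already says "Open the `java.security` file", so the two lines would then agree.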
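Review bot: In the second hunk (@@ -71,6 +71,7), the added step uses `$JAVA_HOME/conf/security/java.security`, while the step changed in the first hunk uses `$JAVA_HOME/lib/security/java.security`. The page should say which Java installation layout each path applies to, or use one path consistently. The added line also calls the file a "folder". The phrase "so that only the Bouncy Castle providers are set" does not tell the reader which provider entries to keep or remove. For a FIPS setup that detail decides whether non-approved providers stay registered, so the step should list the expected provider entries or refer back to the earlier substep that names `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider`.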