W-19434655-java-security-46-dm

modules/ROOT/pages/fips-140-2-compliance-support.adoc

@@ -45,7 +45,7 @@ The following shows how to install and configure Bouncy Castle security provider
 +
 image::fips-install-jars.png[FIPS-install-jars]
 +
-. Register the security provider in the security properties file in the `$JAVA_HOME/lib/security` folder:
+. Register the security provider in the security properties file in the `$JAVA_HOME/lib/security/java.security` folder:
 +
 .. Open the `java.security` file to add your provider's class (for example, `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider`) as the first item in the list of providers.
 +
@@ -71,6 +71,7 @@ The following shows how to install and configure Bouncy Castle security provider
 Provider:bc-fips-1.0.2.4  TLS: bctls-fips-1.0.17.jar  PKIX: bcpkix-fips-1.0.7.jar
 ----
 +
+. Register the security provider in the security properties file in the `$JAVA_HOME/conf/security/java.security` folder so that only the Bouncy Castle providers are set.
 . Copy the 3 files downloaded to `/lib/boot` (needed for Mule runtime) and `/mule-agent-plugin/lib` (needed for Mule agent) folders in Mule runtime.
 . Run `amc_setup` and register Mule runtime. For example, in *Add Server*, you find the registration token `/amc_setup -H d32c4bde-7184-444a-bd87-7a274623e14f---704247 node10  --fips`, where `d32c4bde-7184-444a-bd87-7a274623e14f---704247` is the key from Anypoint Runtime Manager.
 . To enable FIPS, update `$MULE_HOME/conf/wrapper.conf`. Add the properties `wrapper.java.additional.<n>=-Dmule.security.model=fips140-2` and `wrapper.java.additional.<n>=-Dmule.cluster.network.encryption.key={someKey}`, where `someKey` is the key from your cluster that needs to be defined if you are using a clustered environment.