To make your implementation of IBM Lotus Quickr services for Lotus Domino FIPS compliant (which provides stronger protection for ID files, mail and documents, and single sign-on (SSO) configurations), you need to enable FIPS on a reverse proxy server that uses the Caching Proxy and Load Balancer Edge components included with the WebSphere Application Server. The reverse proxy server must be enabled for SSL and FIPS so that all requests to Lotus Quickr services for Domino go through the proxy.
The communication with the Lotus Domino backend is handled by the reverse proxy server only; there is no direct browser access by clients.
The Advanced Encryption Standard (AES) algorithm is optionally available for use with some encryption features. The AES algorithm is widely used and is approved by Federal Information Processing Standard (FIPS) 140-2. AES is currently available for ID file encryption, mail and document encryption, SSO configuration using the LtpaToken2 format, and SSL cipher configuration.
- Set up FIPS on the Lotus Domino server where the Lotus Quickr server is located.
- Halt the proxy server.
- Open the ibmproxy.conf configuration file on the reverse proxy server for editing by following the instructions in Appendix B–Configuration File Directives of the Caching Proxy Administration Guide.
- Find the FIPSEnable (Enabling Federal Information Processing Standard (FIPS) approved ciphers for SSLV3 and TLS) directive and set it to on. The default value is off.
- Save your changes to the ibmproxy.conf configuration file.
- Restart the reverse proxy server for your changes to take effect.
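
A check to run after the last step, as an added example that is not part of the IBM documentation: it reads ibmproxy.conf and reports whether FIPSEnable is actually in effect rather than only present in a comment. It assumes `#` starts a comment and that directive names and values are case-insensitive; SSLEnable is the Caching Proxy directive for SSL and is not named on this page, and the sample file is constructed.

```shell
#!/bin/sh
# Added example. Assumptions: '#' starts a comment, a directive is written as
# "Name value" separated by whitespace, and matching is case-insensitive.

# Print the state of an on/off directive: on, off, missing or conflict.
directive_state() {  # $1 = directive name, $2 = config file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                 # drop comments; awk re-splits fields
        NF >= 1 && tolower($1) == want {
            if (tolower($2) == "on") on++; else off++
        }
        END {
            if (on + off == 0) print "missing"   # page: the default is off
            else if (on && off) print "conflict" # contradictory active lines
            else if (on)        print "on"
            else                print "off"
        }
    ' "$2"
}

# Return 0 only when SSL and FIPS are both unambiguously switched on.
audit_proxy_conf() {  # $1 = path to ibmproxy.conf
    rc=0
    for d in SSLEnable FIPSEnable; do
        state=$(directive_state "$d" "$1")
        printf '%-11s %s\n' "$d" "$state"
        [ "$state" = "on" ] || rc=1
    done
    return "$rc"
}

# Constructed sample: the "on" line is commented out and the active line is
# still off, which a plain grep for "FIPSEnable on" would report as enabled.
write_sample() {  # $1 = output path
    cat > "$1" <<'EOF'
# ibmproxy.conf (constructed excerpt)
SSLEnable   on
#FIPSEnable on
FIPSEnable  off
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_proxy_conf "$sample" || echo "FAIL: set FIPSEnable on, then restart the proxy"
rm -f "$sample"
```

Point `audit_proxy_conf` at the real ibmproxy.conf path on the reverse proxy; a non-zero exit status means the file does not yet match the configuration described above.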