Taking the MFT Server Out of FIPS Mode

You can take the MFT server out of FIPS mode manually if you have enabled it.

If FIPS mode is enabled manually, you have to undo the changes you made when putting MFT into FIPS mode. If FIPS mode is configured automatically during TIBCO MFT Command Center installation, see Configuring FIPS 140-2 Manually for more details on which files to edit.

Procedure

  1. Remove FIPS certified cryptographic provider from the list of providers in the java.security file.
    Note: When removing the cryptographic provider from the java.security file, you can either comment out the line with the pound sign (#) or delete the line. You must fix the order of the providers after that.
  2. Set the MFT environment variable FIPS_MODE to false in the setenv.sh file.
  3. Remove the provider name from the SSHSecurityProvider parameter in the web.xml file.