RHEL6 - Fips140-2 - Apache fails when trying to start with SSLFIPS on directive

Question

Hello server warriors!

I have a situation where I need to make my RHEL6 system FIPS140-2 compliant...which includes apache and mod_ssl. However, after I make the server run in "fips 140 mode" Apache does not recognize the SSLFIPS directive...and fails with the following error:

Invalid command 'SSLFIPS', perhaps misspelled or defined by a module not included in the server configuration

I installed mod_ssl from yum. This is a subscribed RHEL6 system...and is wired into RHN.

score 2 · Accepted Answer · answered Nov 13 '12 at 20:17

2

Ok...

So after much searching and some time spent with some professional support staff, turns out mod_ssl is not "approved" for use on a fips 140-2 enabled system.

In order to have SSL, you must leverage mod_nss instead.

answered Nov 13 '12 at 20:17

Mike Broyles

31
1
6

How to use in Redhat 4/5 system? or how to compile apache to use `mod_nss` – Satish Apr 22 '14 at 19:43
I'm assuming you mean RHEL 4 or RHEL 5? I would think mod_nss would be in the base repos for at least RHEL 5. – Mike Broyles Apr 23 '14 at 00:59

RHEL6 - Fips140-2 - Apache fails when trying to start with SSLFIPS on directive

1 Answers1