Steve,

Just to be clear, I can use this file, ~\app\openssl, to generate a key and 
certificate request that will be FIPS compliant?  How can I tell Tomcat to use 
this built version of OpenSSL as the SSLEngine?

Thank you,

Ben M. Scholl
Ennovex Solutions, Inc.
Software Engineer
DoD PKE Engineering
Phone: 703-933-9064
Fax: 703-933-9067
www.ennovex.com



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Friday, March 14, 2008 7:12 AM
To: openssl-users@openssl.org
Subject: Re: OpenSSL FIPS 1.1.2 on Windows

On Thu, Mar 13, 2008, Scholl, Ben M. wrote:

> Steve,
>
> I followed your procedure, and this time it actually looks like it worked.  I 
> am confused at what I need to do now to use this build.
>
> I ran this command: ~\apps\openssl version
> It returned: OpenSSL 0.9.7j-fips-dev XX xxx XXXX
>
> Is this the expected result?  Do I need to then build another version of 
> OpenSSL and link to this one somehow, or is this a usable FIPS version?
>
> My ultimate goal is to create a key and certificate request using a FIPS 
> version of OpenSSL and then somehow use OpenSSL as my Tomcat 6 SSLEngine.  
> Currently I have no idea how to accomplish any of this.
>
> Any help you can provide is much appreciated.
>

Yes, that is the expected result. You can use that version of OpenSSL "as is"
but it is rather ancient (due to the long timescale of the validation
process).

If you want to use VC++ for development you have to link a recent version of
OpenSSL 0.9.7 against the validated module. Instructions are in the user guide;
see:

http://www.openssl.org/docs/fips/UserGuide-1.1.1.pdf

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
