From 3f2fb2c1111b5dfa19beeafa21dfa8cd31057111 Mon Sep 17 00:00:00 2001 From: Ramkumar K Date: Mon, 1 Dec 2025 22:42:24 +0530 Subject: [PATCH 1/9] v250012-antora-update --- antora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/antora.yml b/antora.yml index 42e77a0757..51f19acddf 100644 --- a/antora.yml +++ b/antora.yml @@ -1,6 +1,6 @@ name: docs # Do not rename since it will mess up the path in the url title: Docs overview -version: 25.0.0.12 +version: 26.0.0.1 start_page: ROOT:overview.adoc asciidoc: attributes: From 40f340058d19e035be0f0d4329f5b4c68ccc87b3 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Wed, 14 Jan 2026 15:37:04 -0500 Subject: [PATCH 2/9] new command page and edits to existing pages --- modules/ROOT/pages/enable-fips.adoc | 6 +- modules/ROOT/pages/network-hardening.adoc | 2 + .../command/securityUtility-commands.adoc | 3 +- .../securityUtility-configureFIPS.adoc | 86 +++++++++++++++++++ .../securityUtility-createLTPAKeys.adoc | 10 +-- 5 files changed, 94 insertions(+), 13 deletions(-) create mode 100644 modules/reference/pages/command/securityUtility-configureFIPS.adoc diff --git a/modules/ROOT/pages/enable-fips.adoc b/modules/ROOT/pages/enable-fips.adoc index 9fe63ce1f3..5d0a37ad96 100644 --- a/modules/ROOT/pages/enable-fips.adoc +++ b/modules/ROOT/pages/enable-fips.adoc @@ -14,11 +14,11 @@ The Federal Information Processing Standard (FIPS) is a US government security s FIPS enablement is important for many users, particularly if you work for or with US government agencies. Running your Open Liberty servers on a FIPS-compliant JVM helps ensure that only FIPS-certified cryptography is used when an application uses Java security libraries or APIs. FIPS-compliant JVM options for Open Liberty are link:https://www.ibm.com/docs/en/sdk-java-technology/8[IBM SDK, Java Technology Edition] or link:https://developer.ibm.com/articles/explore-options-for-downloading-ibm-semeru-runtimes[IBM Semeru Runtimes]. -To enable FIPS for Liberty with the IBM SDK, Java Technology Edition, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. This option is available only for Java SE 8. For Java SE 11 or later, use IBM Semeru Runtimes. +To enable FIPS for Liberty with the IBM SDK, Java Technology Edition or IBM Semeru Runtimes, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. This option is available only for Java SE 8. For Java SE 11 or later, use IBM Semeru Runtimes. -To enable FIPS 140-2 for Liberty with IBM Semeru Runtimes, complete the following steps. +To enable FIPS 140-2 for Open Liberty with IBM Semeru Runtimes, complete the following steps. -== Enable FIPS for Open Liberty on IBM Semeru Runtimes +== Enable FIPS 140-2 for Open Liberty on IBM Semeru Runtimes You can enable either IBM Semeru Runtime Certified Edition or Open Edition in FIPS mode in version 11.0.16 and later for Java 11 and version 17.0.4 and later for Java 17. Java 11 and 17 support for FIPS with Semeru Runtimes is available only on Red Hat Enterprise Linux (RHEL) 8 on x86 platforms. The RHEL 8 operating system must be running in FIPS mode because the IBM Semeru Runtimes rely on the operating system’s underlying Network Security Services (NSS) FIPS 140-2 certification. To run Open Liberty on IBM Semeru Runtimes in FIPS mode, Open Liberty version 22.0.0.8 or later is recommended. In FIPS mode, Semeru Runtimes does not support file-based keystores like JKS and PKCS#12. Certificates in your file-based keystores must be imported into the NSS database. Open Liberty does not create certificates in the NSS database. diff --git a/modules/ROOT/pages/network-hardening.adoc b/modules/ROOT/pages/network-hardening.adoc index 797de169fb..64985a4f49 100644 --- a/modules/ROOT/pages/network-hardening.adoc +++ b/modules/ROOT/pages/network-hardening.adoc @@ -203,6 +203,8 @@ You can disable HTTP session overflow by setting the `allowOverflow` attribute t [#jmx-connector] == JMX connector +Avoid the use of [localConnector-1.0](https://openliberty.io/docs/latest/reference/feature/localConnector-1.0.html) in production. Instead, use [restConnector-2.0](https://openliberty.io/docs/latest/reference/feature/restConnector-2.0.html). + When you use the IBM HTTP Server, you can secure access to the Open Liberty JMX connector for remote administrative services in the web server plug-in by removing or commenting out the following entries: [source,xml] diff --git a/modules/reference/pages/command/securityUtility-commands.adoc b/modules/reference/pages/command/securityUtility-commands.adoc index bba8ef0618..9233868a92 100644 --- a/modules/reference/pages/command/securityUtility-commands.adoc +++ b/modules/reference/pages/command/securityUtility-commands.adoc @@ -20,10 +20,11 @@ The `securityUtility` commands help you accomplish various security-related task The following `securityUtility` commands are available: +* xref:command/securityUtility-configureFIPS.adoc[securityUtility configureFIPS]: The command configures FIPS 140-3 for servers, clients, and tools. * xref:command/securityUtility-createLTPAKeys.adoc[securityUtility createLTPAKeys]: The command creates a set of LTPA keys for use by the server, or that can be shared with multiple servers. * xref:command/securityUtility-createSSLCertificate.adoc[securityUtility createSSLCertificate]: The command supports TLS certificate creation for Open Liberty. -* xref:command/securityUtility-generateAESKey.adoc[securityUtility generateAESKey]: Generates a Base64-encoded 256-bit AES key for use with password encryption in Open Liberty. * xref:command/securityUtility-encode.adoc[securityUtility encode]: The command supports plain text obfuscation for Open Liberty. +* xref:command/securityUtility-generateAESKey.adoc[securityUtility generateAESKey]: Generates a Base64-encoded 256-bit AES key for use with password encryption in Open Liberty. * xref:command/securityUtility-help.adoc[securityUtility help]: The command displays information about the `securityUtility` command, with details about its actions and options. diff --git a/modules/reference/pages/command/securityUtility-configureFIPS.adoc b/modules/reference/pages/command/securityUtility-configureFIPS.adoc new file mode 100644 index 0000000000..9d538ed25a --- /dev/null +++ b/modules/reference/pages/command/securityUtility-configureFIPS.adoc @@ -0,0 +1,86 @@ +// +// Copyright (c) 2026 IBM Corporation and others. +// Licensed under Creative Commons Attribution-NoDerivatives +// 4.0 International (CC BY-ND 4.0) +// https://creativecommons.org/licenses/by-nd/4.0/ +// +// Contributors: +// IBM Corporation +// +:page-description: The `securityUtility configureFIPS` command configures FIPS 140-3 for servers, clients, and tools. +:seo-title: securityUtility configureFIPS - OpenLiberty.io +:seo-description: The `securityUtility configureFIPS` command configures FIPS 140-3 for servers, clients, and tools. +:page-layout: general-reference +:page-type: general += securityUtility configureFIPS + +The `securityUtility configureFIPS` command configures FIPS 140-3 for servers, clients, and tools. + +== Usage example + +Enable FIPS 140-3 across all servers, clients, and tools: + +---- +securityUtility configureFIPS +---- + +== Syntax + +Run the command from the `_path_to_liberty_/wlp/bin` directory. + +[subs=+quotes] +---- +securityUtility configureFIPS [_options_] +---- + +== Options + +.Options for the securityUtility createLTPAKeys command +[%header,cols=2*] +|=== +|Option +|Description + +|--server=_server_name_ +|Configures FIPS 140-3 at a specified server. + +|--client=_client_name_ +|Configures FIPS 140-3 at a specified client. + +|--customProfileFile=_name_ +|For IBM Semeru Runtime, creates a custom profile file with a specified name or at a specified location. The default name of the custom profile file is `FIPS140-3-Liberty-Application.properties`. + - If this option is not provided, the custom profile file is located in the `/etc` directory of your Liberty installation. + - If this option is not provided and the `--server` option is used, the custom profile file is located in the `/security` directory of the specified server. + - If this option is not provided and the `--client` option is used, the custom profile file is located in the `/security` directory of the specified client. + +|--disable +|Disables FIPS 140-3 from all servers and clients that were not individually configured. Use the --server and --client options with the --disable option to disable FIPS 140-3 from specified servers and clients respectively. + +|=== + +== Exit codes + +The following exit codes are available for the `securityUtility createLTPAKeys` command: + +.Exit codes for the securityUtility createLTPAKeys command +[%header,cols="2,9"] +|=== + +|Code +|Explanation + +|0 +|This code indicates successful completion of the requested operation. + +|1 +|This code indicates a generic error. + +|2 +|This code indicates that the server is not found. + +|3 +|This code indicates that the client is not found. + +|4 +|This code indicates that the path can not be created. +|=== diff --git a/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc b/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc index bd3a780f82..ae167d3d00 100644 --- a/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc +++ b/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc @@ -17,15 +17,7 @@ The `securityUtility createLTPAKeys` command creates a set of LTPA keys for use by the server, or that can be shared with multiple servers. If no server or file is specified, an `ltpa.keys` file is created in the current working directory. -When FIPS 140-3 is enabled, set the system properties by using the following JVM_ARGS environment variable to enable the 'securityUtility' tool to create LTPA keys with the 'createLTPAKeys' command: - ----- -export JVM_ARGS="-Xenablefips140-3 -Dcom.ibm.jsse2.usefipsprovider=true -Dcom.ibm.jsse2.usefipsProviderName=IBMJCEPlusFIPS" ----- - -After the system properties are set, replace the existing LTPA keys with the newly created LTPA keys. - -For more information about FIPS 140-3, see xref:ROOT:enable-fips.adoc[Run FIPS-compliant applications on Open Liberty]. +For information about creating LTPA keys using FIPS 140-3 approved algorithms, see [Setting up Liberty for FIPS compliance](https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance). == Usage example From b38f783435eea1c269c584d94d26b9568305e60f Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Wed, 14 Jan 2026 17:09:38 -0500 Subject: [PATCH 3/9] fix link --- .../reference/pages/command/securityUtility-createLTPAKeys.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc b/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc index ae167d3d00..224ff8911c 100644 --- a/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc +++ b/modules/reference/pages/command/securityUtility-createLTPAKeys.adoc @@ -17,7 +17,7 @@ The `securityUtility createLTPAKeys` command creates a set of LTPA keys for use by the server, or that can be shared with multiple servers. If no server or file is specified, an `ltpa.keys` file is created in the current working directory. -For information about creating LTPA keys using FIPS 140-3 approved algorithms, see [Setting up Liberty for FIPS compliance](https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance). +For information about creating LTPA keys using FIPS 140-3 approved algorithms, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance]. == Usage example From 1e23f22d42fac5bd120a7c7a586b69c4eb47e417 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Wed, 21 Jan 2026 10:22:19 -0500 Subject: [PATCH 4/9] sme review 20260121 --- modules/ROOT/pages/enable-fips.adoc | 8 +++++--- modules/ROOT/pages/network-hardening.adoc | 2 +- modules/reference/nav.adoc | 1 + .../pages/command/securityUtility-configureFIPS.adoc | 12 ++++++------ 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/modules/ROOT/pages/enable-fips.adoc b/modules/ROOT/pages/enable-fips.adoc index 5d0a37ad96..0974eb17db 100644 --- a/modules/ROOT/pages/enable-fips.adoc +++ b/modules/ROOT/pages/enable-fips.adoc @@ -14,11 +14,13 @@ The Federal Information Processing Standard (FIPS) is a US government security s FIPS enablement is important for many users, particularly if you work for or with US government agencies. Running your Open Liberty servers on a FIPS-compliant JVM helps ensure that only FIPS-certified cryptography is used when an application uses Java security libraries or APIs. FIPS-compliant JVM options for Open Liberty are link:https://www.ibm.com/docs/en/sdk-java-technology/8[IBM SDK, Java Technology Edition] or link:https://developer.ibm.com/articles/explore-options-for-downloading-ibm-semeru-runtimes[IBM Semeru Runtimes]. -To enable FIPS for Liberty with the IBM SDK, Java Technology Edition or IBM Semeru Runtimes, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. This option is available only for Java SE 8. For Java SE 11 or later, use IBM Semeru Runtimes. +== Enable FIPS 140-3 for Open Liberty on IBM Semeru Runtimes -To enable FIPS 140-2 for Open Liberty with IBM Semeru Runtimes, complete the following steps. +To enable FIPS 140-3 for Liberty with the IBM SDK, Java Technology Edition or IBM Semeru Runtimes, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. This option is available only for Java SE 8. For Java SE 11 or later, use IBM Semeru Runtimes. -== Enable FIPS 140-2 for Open Liberty on IBM Semeru Runtimes +Alternatively, to enable FIPS 140-2 for Open Liberty with IBM Semeru Runtimes, complete the following steps. + +=== Enable FIPS 140-2 for Open Liberty on IBM Semeru Runtimes You can enable either IBM Semeru Runtime Certified Edition or Open Edition in FIPS mode in version 11.0.16 and later for Java 11 and version 17.0.4 and later for Java 17. Java 11 and 17 support for FIPS with Semeru Runtimes is available only on Red Hat Enterprise Linux (RHEL) 8 on x86 platforms. The RHEL 8 operating system must be running in FIPS mode because the IBM Semeru Runtimes rely on the operating system’s underlying Network Security Services (NSS) FIPS 140-2 certification. To run Open Liberty on IBM Semeru Runtimes in FIPS mode, Open Liberty version 22.0.0.8 or later is recommended. In FIPS mode, Semeru Runtimes does not support file-based keystores like JKS and PKCS#12. Certificates in your file-based keystores must be imported into the NSS database. Open Liberty does not create certificates in the NSS database. diff --git a/modules/ROOT/pages/network-hardening.adoc b/modules/ROOT/pages/network-hardening.adoc index 64985a4f49..531132a83c 100644 --- a/modules/ROOT/pages/network-hardening.adoc +++ b/modules/ROOT/pages/network-hardening.adoc @@ -203,7 +203,7 @@ You can disable HTTP session overflow by setting the `allowOverflow` attribute t [#jmx-connector] == JMX connector -Avoid the use of [localConnector-1.0](https://openliberty.io/docs/latest/reference/feature/localConnector-1.0.html) in production. Instead, use [restConnector-2.0](https://openliberty.io/docs/latest/reference/feature/restConnector-2.0.html). +Avoid the use of link:https://openliberty.io/docs/latest/reference/feature/localConnector-1.0.html[localConnector-1.0] in production. Instead, use link:https://openliberty.io/docs/latest/reference/feature/restConnector-2.0.html[restConnector-2.0]. The restConnector-2.0 feature provides better security than localConnector-1.0, because it requires TLS and is protected by the administrator and reader roles. When you use the IBM HTTP Server, you can secure access to the Open Liberty JMX connector for remote administrative services in the web server plug-in by removing or commenting out the following entries: diff --git a/modules/reference/nav.adoc b/modules/reference/nav.adoc index b1f8a2c795..6869b52e5e 100644 --- a/modules/reference/nav.adoc +++ b/modules/reference/nav.adoc @@ -24,6 +24,7 @@ include::reference:partial$platform-nav.adoc[] *** xref:command/featureUtility-installServerFeatures.adoc[installServerFeatures] *** xref:command/featureUtility-viewSettings.adoc[viewSettings] ** xref:command/securityUtility-commands.adoc[securityUtility commands] + *** xref:command/securityUtility-configureFIPS.adoc[securityUtility configureFIPS] *** xref:command/securityUtility-createLTPAKeys.adoc[createLTPAKeys] *** xref:command/securityUtility-createSSLCertificate.adoc[createSSLCertificate] *** xref:command/securityUtility-encode.adoc[encode] diff --git a/modules/reference/pages/command/securityUtility-configureFIPS.adoc b/modules/reference/pages/command/securityUtility-configureFIPS.adoc index 9d538ed25a..f360a4b9cd 100644 --- a/modules/reference/pages/command/securityUtility-configureFIPS.adoc +++ b/modules/reference/pages/command/securityUtility-configureFIPS.adoc @@ -35,7 +35,7 @@ securityUtility configureFIPS [_options_] == Options -.Options for the securityUtility createLTPAKeys command +.Options for the securityUtility configureFIPS command [%header,cols=2*] |=== |Option @@ -49,9 +49,9 @@ securityUtility configureFIPS [_options_] |--customProfileFile=_name_ |For IBM Semeru Runtime, creates a custom profile file with a specified name or at a specified location. The default name of the custom profile file is `FIPS140-3-Liberty-Application.properties`. - - If this option is not provided, the custom profile file is located in the `/etc` directory of your Liberty installation. - - If this option is not provided and the `--server` option is used, the custom profile file is located in the `/security` directory of the specified server. - - If this option is not provided and the `--client` option is used, the custom profile file is located in the `/security` directory of the specified client. +* If this option is not provided, the custom profile file is located in the `/etc` directory of your Liberty installation. +* If this option is not provided and the `--server` option is used, the custom profile file is located in the `/security` directory of the specified server. +* If this option is not provided and the `--client` option is used, the custom profile file is located in the `/security` directory of the specified client. |--disable |Disables FIPS 140-3 from all servers and clients that were not individually configured. Use the --server and --client options with the --disable option to disable FIPS 140-3 from specified servers and clients respectively. @@ -60,9 +60,9 @@ securityUtility configureFIPS [_options_] == Exit codes -The following exit codes are available for the `securityUtility createLTPAKeys` command: +The following exit codes are available for the `securityUtility configureFIPS` command: -.Exit codes for the securityUtility createLTPAKeys command +.Exit codes for the securityUtility configureFIPS command [%header,cols="2,9"] |=== From 5188ac1b582a95d91f28a37e98f8ab7a056950a5 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Wed, 21 Jan 2026 10:27:45 -0500 Subject: [PATCH 5/9] remove confusing sentences --- modules/ROOT/pages/enable-fips.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/ROOT/pages/enable-fips.adoc b/modules/ROOT/pages/enable-fips.adoc index 0974eb17db..a723c9ddb8 100644 --- a/modules/ROOT/pages/enable-fips.adoc +++ b/modules/ROOT/pages/enable-fips.adoc @@ -16,7 +16,7 @@ FIPS enablement is important for many users, particularly if you work for or wit == Enable FIPS 140-3 for Open Liberty on IBM Semeru Runtimes -To enable FIPS 140-3 for Liberty with the IBM SDK, Java Technology Edition or IBM Semeru Runtimes, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. This option is available only for Java SE 8. For Java SE 11 or later, use IBM Semeru Runtimes. +To enable FIPS 140-3 for Liberty with the IBM SDK, Java Technology Edition or IBM Semeru Runtimes, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. Alternatively, to enable FIPS 140-2 for Open Liberty with IBM Semeru Runtimes, complete the following steps. From 8428ba35223fe5482667981894e97106943e36d9 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Wed, 21 Jan 2026 18:05:35 -0500 Subject: [PATCH 6/9] remove securityUtility from nav --- modules/reference/nav.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/reference/nav.adoc b/modules/reference/nav.adoc index 6869b52e5e..6fe8a91de4 100644 --- a/modules/reference/nav.adoc +++ b/modules/reference/nav.adoc @@ -24,7 +24,7 @@ include::reference:partial$platform-nav.adoc[] *** xref:command/featureUtility-installServerFeatures.adoc[installServerFeatures] *** xref:command/featureUtility-viewSettings.adoc[viewSettings] ** xref:command/securityUtility-commands.adoc[securityUtility commands] - *** xref:command/securityUtility-configureFIPS.adoc[securityUtility configureFIPS] + *** xref:command/securityUtility-configureFIPS.adoc[configureFIPS] *** xref:command/securityUtility-createLTPAKeys.adoc[createLTPAKeys] *** xref:command/securityUtility-createSSLCertificate.adoc[createSSLCertificate] *** xref:command/securityUtility-encode.adoc[encode] From e9f943561a8c05123e28e309404c413b527f7db0 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Wed, 21 Jan 2026 18:12:16 -0500 Subject: [PATCH 7/9] list in table cell formatting --- .../reference/pages/command/securityUtility-configureFIPS.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/reference/pages/command/securityUtility-configureFIPS.adoc b/modules/reference/pages/command/securityUtility-configureFIPS.adoc index f360a4b9cd..670529a507 100644 --- a/modules/reference/pages/command/securityUtility-configureFIPS.adoc +++ b/modules/reference/pages/command/securityUtility-configureFIPS.adoc @@ -48,7 +48,7 @@ securityUtility configureFIPS [_options_] |Configures FIPS 140-3 at a specified client. |--customProfileFile=_name_ -|For IBM Semeru Runtime, creates a custom profile file with a specified name or at a specified location. The default name of the custom profile file is `FIPS140-3-Liberty-Application.properties`. +a|For IBM Semeru Runtime, creates a custom profile file with a specified name or at a specified location. The default name of the custom profile file is `FIPS140-3-Liberty-Application.properties`. * If this option is not provided, the custom profile file is located in the `/etc` directory of your Liberty installation. * If this option is not provided and the `--server` option is used, the custom profile file is located in the `/security` directory of the specified server. * If this option is not provided and the `--client` option is used, the custom profile file is located in the `/security` directory of the specified client. From 8d7f856b467644463404ee6fa454f17636cf17d6 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Thu, 22 Jan 2026 14:50:28 -0500 Subject: [PATCH 8/9] 7962 sme review 20260122 --- modules/ROOT/pages/enable-fips.adoc | 2 +- .../reference/pages/command/securityUtility-configureFIPS.adoc | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ROOT/pages/enable-fips.adoc b/modules/ROOT/pages/enable-fips.adoc index a723c9ddb8..156b8b741d 100644 --- a/modules/ROOT/pages/enable-fips.adoc +++ b/modules/ROOT/pages/enable-fips.adoc @@ -18,7 +18,7 @@ FIPS enablement is important for many users, particularly if you work for or wit To enable FIPS 140-3 for Liberty with the IBM SDK, Java Technology Edition or IBM Semeru Runtimes, see link:https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-setting-up-fips-compliance[Setting up Liberty for FIPS compliance] in the WebSphere Liberty documentation. The configuration for FIPS 140-3 is the same for both WebSphere Liberty and Open Liberty. -Alternatively, to enable FIPS 140-2 for Open Liberty with IBM Semeru Runtimes, complete the following steps. +Alternatively, to enable the outmoded FIPS 140-2 for Open Liberty with IBM Semeru Runtimes, complete the following steps. Be certain that you want to proceed; FIPS 140-2 validations are scheduled to move to the Historical List. === Enable FIPS 140-2 for Open Liberty on IBM Semeru Runtimes diff --git a/modules/reference/pages/command/securityUtility-configureFIPS.adoc b/modules/reference/pages/command/securityUtility-configureFIPS.adoc index 670529a507..f16761d4c6 100644 --- a/modules/reference/pages/command/securityUtility-configureFIPS.adoc +++ b/modules/reference/pages/command/securityUtility-configureFIPS.adoc @@ -49,6 +49,7 @@ securityUtility configureFIPS [_options_] |--customProfileFile=_name_ a|For IBM Semeru Runtime, creates a custom profile file with a specified name or at a specified location. The default name of the custom profile file is `FIPS140-3-Liberty-Application.properties`. + * If this option is not provided, the custom profile file is located in the `/etc` directory of your Liberty installation. * If this option is not provided and the `--server` option is used, the custom profile file is located in the `/security` directory of the specified server. * If this option is not provided and the `--client` option is used, the custom profile file is located in the `/security` directory of the specified client. From 024ffcdd450f064a4d466ed93b5fe45f2df49201 Mon Sep 17 00:00:00 2001 From: Jeff Antley Date: Fri, 23 Jan 2026 10:25:00 -0500 Subject: [PATCH 9/9] Update nav.adoc do not update nav this way --- modules/reference/nav.adoc | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/reference/nav.adoc b/modules/reference/nav.adoc index 6fe8a91de4..b1f8a2c795 100644 --- a/modules/reference/nav.adoc +++ b/modules/reference/nav.adoc @@ -24,7 +24,6 @@ include::reference:partial$platform-nav.adoc[] *** xref:command/featureUtility-installServerFeatures.adoc[installServerFeatures] *** xref:command/featureUtility-viewSettings.adoc[viewSettings] ** xref:command/securityUtility-commands.adoc[securityUtility commands] - *** xref:command/securityUtility-configureFIPS.adoc[configureFIPS] *** xref:command/securityUtility-createLTPAKeys.adoc[createLTPAKeys] *** xref:command/securityUtility-createSSLCertificate.adoc[createSSLCertificate] *** xref:command/securityUtility-encode.adoc[encode]