Disable FIPS mode for a NetBackup host
Carry out the following steps on each NetBackup host to disable FIPS mode.
To disable FIPS mode for a host
- Disable the NB_FIPS_MODE flag in the NetBackup configuration file.
- Restart the NetBackup services.
To verify if FIPS mode is disabled for a certain daemon or a command, check the respective logs. The log lines are available only for the daemons and commands that use cryptography.
Example 1: To verify if FIPS mode is disabled for the nbcertcmd command
- Go to the following directory:
UNIX: /usr/openv/netbackup/bin
Windows: install_path\NetBackup\bin
- Run the following command: nbcertcmd -ping
- Go to the nbcertcmd logs at the following directory:
UNIX: /usr/openv/netbackup/logs/nbcert
Windows: install_path\NetBackup\logs\nbcert
- Check the logs. The log file should contain the following log lines:
ProcessContext: ProcessName:[nbcertcmd], FipsMode:[DISABLED], Username:[root], IsServiceAdmin:[0], UserID:[0], GroupID:[0]
Example 2: To verify if FIPS mode is disabled for the NetBackup Web Management Console (nbwmc) service
- Disabling FIPS mode for NetBackup services also disable FIPS mode for nbwmc service running on the primary server host.
Open the following log file on the NetBackup primary server host:
UNIX: /usr/openv/wmc/webserver/logs/catalina-date.log
Windows: install_path\NetBackup\wmc\webserver\logs/catalina-date.log
- Check if the log file contains the following log line:
The nbwmc service is running in non-FIPS mode