To enable the CLM crypto-policy function on a manually installed RHEL OS
Purpose
Perform this procedure to configure the minimum RSA cryptography key length for the RHEL crypto-policy function on a CLM OS instance.
Note: The crypto-policy function is not enabled on the OS until you perform the procedure.
Note: You must perform the procedure before you install any CLM software on the OS.
Steps
1 |
Log in as the root user on the station that hosts the OS. |
2 |
Open a console window. |
3 |
Enter the following: # cat /etc/crypto-policies/config ↵ The following crypto-policy setting is displayed: DEFAULT |
4 |
Create the following file using a plain-text editor such as vi: /etc/crypto-policies/policies/modules/NSP_CUSTOM_RSA_SIZE.pmod |
5 |
Edit the file to read as follows: min_rsa_size = 2048 |
6 |
Save and close the file. |
7 |
Enter the following: # cat NSP_CUSTOM_RSA_SIZE.pmod ↵ The edited file is displayed. |
8 |
Ensure that the file reads as follows: min_rsa_size = 2048 |
9 |
Enter the following: # update-crypto-policies --set FUTURE:NSP_CUSTOM_RSA_SIZE ↵ Messages like the following are displayed. Setting system policy to FUTURE:NSP_CUSTOM_RSA_SIZE Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. If the output is as shown, the crypto-policy configuration is successful. |
10 |
If the crypto-policy configuration succeeds, enter the following: # systemctl reboot ↵ The station reboots. |
11 |
Log in as the root user. |
12 |
Open a console window. |
13 |
Enter the following: # cat /etc/crypto-policies/config ↵ The crypto-policy setting is displayed. |
14 |
Verify that the crypto-policy setting reads as follows: FUTURE:NSP_CUSTOM_RSA_SIZE |
15 |
Close the console window. End of steps |