To enable the NSP crypto-policy function on a manually installed RHEL OS

Purpose

Perform this procedure to configure the minimum RSA cryptography key length for the RHEL crypto-policy function on a NSP OS instance.

Note: The crypto-policy function is not enabled on the OS until you perform the procedure.

Note: You must perform the procedure before you install any NSP software on the OS.

Steps
 

Log in as the root user on the station that hosts the OS.


Open a console window.


Enter the following:

cat /etc/crypto-policies/config ↵

The following crypto-policy setting is displayed:

DEFAULT


Create the following file using a plain-text editor such as vi:

/etc/crypto-policies/policies/modules/NSP_CUSTOM_RSA_SIZE.pmod


Edit the file to read as follows:

min_rsa_size = 2048


Save and close the file.


Enter the following:

cat NSP_CUSTOM_RSA_SIZE.pmod ↵

The edited file is displayed.


Ensure that the file reads as follows:

min_rsa_size = 2048


Enter the following:

update-crypto-policies --set FUTURE:NSP_CUSTOM_RSA_SIZE ↵

Messages like the following are displayed.

Setting system policy to FUTURE:NSP_CUSTOM_RSA_SIZE

Note: System-wide crypto policies are applied on application start-up.

It is recommended to restart the system for the change of policies to fully take place.

If the output is as shown, the crypto-policy configuration is successful.


10 

If the crypto-policy configuration succeeds, enter the following:

systemctl reboot ↵

The station reboots.


11 

Log in as the root user.


12 

Open a console window.


13 

Enter the following:

cat /etc/crypto-policies/config ↵

The crypto-policy setting is displayed.


14 

Verify that the crypto-policy setting reads as follows:

FUTURE:NSP_CUSTOM_RSA_SIZE


15 

Close the console window.

End of steps