Analytics Agent version 22.10.0 and later is Federal Information Processing Standards (FIPS) 140-2 compliant.

To use the FIPS-compliant BCFKS trust store for the Analytics Agent, you can:

  1. Update the Analytics Agent configuration properties, OR
  2. Update the JVM arguments. 

Update Analytics Agent Configuration Properties

When truststores are used in the Analytics Agent, the truststore type must be added to override the default truststore type (JKS). 

Configure Analytics Agent to Events Service Communication

To configure Analytics Agent to Events Service communication, update the following properties:

    https.event.trustStorePath=<path_to_BCFKS_truststore>
    https.event.trustStorePassword=<password_for_truststore>
    https.event.trustStoreType=BCFKS

Configure Analytics Agent to Controller Communication

To configure Analytics Agent to Controller communication, update the following properties:

    ad.controller.https.trustStorePath=<path_to_BCFKS_truststore>
    ad.controller.https.trustStorePassword=<password_for_truststore>
    ad.controller.https.trustStoreType=BCFKS

Update JVM Arguments

  1. Provide the following JVM arguments:

    -Djavax.net.ssl.trustStore=<absolute_path_to_BCFKS_truststore>
    -Djavax.net.ssl.trustStoreType=BCFKS
    -Djavax.net.ssl.trustStorePassword=<password_for_truststore>
  2. In the java.security file for the JRE used by the Analytics Agent, add the following security provider class:

    security.provider.<desired preference order>=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider

    Replace <desired preference order> with your desired preference order.

If the secure credential store is used for the access key or other password encryptions, use the FIPS-compliant configuration to generate the keystore. See Encrypt Agent Credentials.
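
The following Python check is an added example, not part of the product or its documentation. It audits the truststore settings described above: it flags any configured truststore path whose type is not BCFKS (an absent type falls back to the JKS default) and reports the preference order of the Bouncy Castle FIPS provider in java.security. The sample file contents and paths are constructed, and the parser assumes simple key=value lines.

```python
import re
# Property prefixes and provider class are the ones named on this page.
PREFIXES = ("https.event", "ad.controller.https")
FIPS_PROVIDER = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider"
# Constructed sample inputs; the paths are illustrative assumptions.
SAMPLE_PROPS = """\
https.event.trustStorePath=/opt/agent/conf/truststore.bcfks
ad.controller.https.trustStorePath=/opt/agent/conf/truststore.bcfks
ad.controller.https.trustStoreType=JKS
"""
SAMPLE_JAVA_SECURITY = """\
security.provider.1=SUN
security.provider.2=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_agent_properties(text):
    """Flag each configured truststore whose type is not BCFKS."""
    props, findings = parse_properties(text), []
    for prefix in PREFIXES:
        if not props.get(prefix + ".trustStorePath"):
            continue  # no truststore configured for this channel
        # An absent type falls back to the default (JKS), per the page.
        store_type = props.get(prefix + ".trustStoreType", "JKS (default)")
        if store_type.upper() != "BCFKS":
            findings.append(f"{prefix}.trustStoreType is {store_type}, expected BCFKS")
    return findings

def fips_provider_position(java_security_text):
    """Return the preference order of the BC FIPS provider, or None if absent."""
    for key, value in parse_properties(java_security_text).items():
        m = re.fullmatch(r"security\.provider\.(\d+)", key)
        if m and value.split()[:1] == [FIPS_PROVIDER]:
            return int(m.group(1))
    return None

if __name__ == "__main__":
    print(audit_agent_properties(SAMPLE_PROPS), fips_provider_position(SAMPLE_JAVA_SECURITY))
```

To audit a real installation, pass the contents of the agent's properties file and of the JRE's java.security file to the two functions.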