2.6 Securing Configuration Store Using TLS Port

By default, the Access Manager config store has FIPS mode enabled and an RSA certificate associated with it. This disables SSLv3 and allows only TLS 1.0, 1.1, and 1.2 clients to connect.

To allow Administration Console to connect to the config store over TLSv1.1 and TLSv1.2 only, perform the following steps:

  1. Install the LDAP plug-in from Administration Console (Admin > Configure Console > Plug-in Installation) to list it in the default iManager page (Admin > Manage Roles and Tasks).

  2. Ensure FIPS mode is enabled.

    Ensure the line n4u.server.fips_tls=1 is in the /etc/opt/novell/eDirectory/conf/nds.conf file.

    NOTE: After enabling FIPS mode, you must restart the eDirectory (ndsd) daemon.

  3. Click Admin > Manage Roles and Tasks.

  4. Navigate to LDAP > LDAP Options > View LDAP Servers.

    NOTE: To access LDAP Options, you have to use iManager from a different eDirectory server of the standalone version. Install the edirectory90 Plugins from the iManager Plug-in repository.

  5. Select the Access Manager server, then click the Connections tab.

  6. Under the SSL Configuration section, select only TLSv1.1 and TLSv1.2. The settings in the other sections on the page do not require any change.

  7. Save the configuration and restart the LDAP server from Administration Console using the following commands:

    ndstrace -c "unload nldap"

    ndstrace -c "load nldap"

  8. Restart Tomcat by running the /etc/init.d/novell-ac restart command.
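To confirm from the command line that steps 2 and 6 took effect, the following shell script is an added example and is not part of the NetIQ documentation. It checks that n4u.server.fips_tls=1 is present and uncommented in nds.conf, and (optionally, when CONFIG_STORE_HOST is set) probes the config store's LDAPS port with openssl s_client to verify that TLSv1.0 is refused while TLSv1.1 and TLSv1.2 are accepted. The default port 636, the environment variable names, and the use of the openssl exit status as the handshake result are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the NetIQ documentation.
# Verifies the FIPS setting in nds.conf and the TLS versions accepted by the
# config store LDAPS port after the procedure above has been completed.

# Assumed defaults; override through the environment.
NDS_CONF="${NDS_CONF:-/etc/opt/novell/eDirectory/conf/nds.conf}"
CONFIG_STORE_PORT="${CONFIG_STORE_PORT:-636}"   # assumption: LDAPS port of the config store

# fips_enabled FILE
# Returns 0 if an uncommented "n4u.server.fips_tls=1" line exists, 1 otherwise.
# Spaces around "=" are tolerated; a commented-out line does not count.
fips_enabled() {
    grep -Eq '^[[:space:]]*n4u\.server\.fips_tls[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# tls_accepted HOST PORT VERSION_FLAG
# VERSION_FLAG is an openssl s_client protocol option: -tls1, -tls1_1 or -tls1_2.
# Returns 0 when the handshake completes (assumption: openssl exits non-zero
# when the server refuses the requested protocol version).
tls_accepted() {
    openssl s_client -connect "$1:$2" "$3" </dev/null >/dev/null 2>&1
}

# tls_policy_ok HOST PORT
# Expected result of step 6: TLSv1.0 refused, TLSv1.1 and TLSv1.2 accepted.
# Prints one line per version and returns 0 only if the policy matches.
tls_policy_ok() {
    ok=0
    for pair in "-tls1 refuse" "-tls1_1 accept" "-tls1_2 accept"; do
        flag=${pair% *}; want=${pair#* }
        if tls_accepted "$1" "$2" "$flag"; then got=accept; else got=refuse; fi
        printf '%-8s expected=%s actual=%s\n' "$flag" "$want" "$got"
        [ "$got" = "$want" ] || ok=1
    done
    return $ok
}

# Stand-alone run: report on the local nds.conf if readable, then probe the
# config store only when a host has been supplied.
if [ -r "$NDS_CONF" ]; then
    if fips_enabled "$NDS_CONF"; then
        echo "FIPS TLS mode: enabled in $NDS_CONF"
    else
        echo "FIPS TLS mode: NOT enabled in $NDS_CONF (add n4u.server.fips_tls=1 and restart ndsd)"
    fi
fi
if [ -n "$CONFIG_STORE_HOST" ]; then
    tls_policy_ok "$CONFIG_STORE_HOST" "$CONFIG_STORE_PORT" \
        && echo "TLS policy matches step 6" \
        || echo "TLS policy does NOT match step 6"
fi
```

Run it on the Administration Console host as `CONFIG_STORE_HOST=localhost sh check-config-store-tls.sh`; a TLSv1.0 handshake that still succeeds after step 7 usually means the nldap module was not reloaded, and a refused TLSv1.2 handshake points at an interrupted save in step 7.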