{"id":8829,"date":"2016-09-08T21:25:24","date_gmt":"2016-09-08T19:25:24","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/"},"modified":"2016-09-08T21:25:24","modified_gmt":"2016-09-08T19:25:24","slug":"documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/","title":{"rendered":"Documentum story – Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository"},"content":{"rendered":"

In this blog and for a customer’s requirement (Data Migration), I had to temporarily disable the FIPS on a Content Server 7.2 P05 in order to connect to a repository 6.7 SP2. In fact after adding the 6.7 repository to the docbroker projection list of the CS 7.2, the customer was not able to login and had the following error message:<\/p>\n

[dmadmin@content_server_01 ~]$ idql repo67\nPlease enter a user (dmadmin): aberbier \nPlease enter password for aberbier: xxxxx\n\nEMC Documentum idql - Interactive document query interface\n(c) Copyright EMC Corp., 1992 - 2015\nAll rights reserved.\nClient Library Release 7.2.0050.0084\n\nConnecting to Server using docbase repo67\nCould not connect\n[DM_SESSION_E_RPC_ERROR]error: \"Server communication failure \"\n\njavax.net.ssl.SSLException: Client does not support server chosen protocol: SSLv3\n\ncom.rsa.sslj.x.g: Client does not support server chosen protocol: SSLv3<\/pre>\n
To understand what happened, we had to retrieve the docbase map of the docbroker using the dmqdocbroker utility:<\/p>\n
[dmadmin@content_server_01 ~]$ dmqdocbroker -i\ndmqdocbroker: A DocBroker Query Tool\ndmqdocbroker: Documentum Client Library Version: 7.2.0050.0084\nTargeting current host\nTargeting port 1489\n---- dmqdocbroker: (TARGET HOST: content_server_01) ----\np) Ping (test connectivity to) the docbroker\nd) Get a docbase map\ns) Get a server map\nn) Get next largest docbase id\nl) lookup a docbase id\no) find all open servers for a docbase\nh) Set the host name for the docbroker\ne) exit\nEnter an option (i.e. letter)> d\n**************************************************\n** D O C B R O K E R I N F O **\n**************************************************\nDocbroker host : content_server_01\nDocbroker port : 1490\nDocbroker network address : INET_ADDR: 02 5c3 93a73d7f content_server_01 172.1.1.2\nDocbroker version : 7.2.0050.0214 Linux64\n**************************************************\n** D O C B A S E I N F O **\n**************************************************\n--------------------------------------------\nDocbase name : gr_dbi\nDocbase id : 1103520\nDocbase description : dbi services Development Global Repository\nGovern docbase :\nFederation name :\nServer version : 7.2.0050.0214 Linux64.Oracle\nDocbase Roles : Global Registry\nDocbase Dormancy Status :\n--------------------------------------------\nDocbase name : repo67\nDocbase id : 1003563\nDocbase description :\nGovern docbase : gov\nFederation name : fed\nServer version : 6.7.2020.0057 AIX.Oracle\nDocbase Roles :\nDocbase Dormancy Status :<\/pre>\n
We saw that the repository we were trying to connect was hosted on an AIX server which was using the Oracle RDBMS(????). With the help of the EMC support and as per already faced issues with the communication between the content server, the web application server and web application client, we observed that the issue was related to the FIPS 140 which didn\u2019t allow the communication with weak protocol as SSLv3: only TLS and higher are supported with a Content Server 7.2.<\/p>\n
To work around this issue, we decided to temporarily disable the FIPS 140 on the CS 7.2 during the time of the data migration. Please find below the procedure that we applied to disable and re-enable the FIPS.<\/p>\n
Disable FIPS
\n==========<\/p>\n
1. Login to the CS 7.2\n2. Change the current user to the Installation Owner\n3. Backup the current java.security file: cp $JAVA_HOME\/jre\/lib\/security\/java.security $JAVA_HOME\/jre\/lib\/security\/java.security.bck-FIPS-Enabled\n4. Edit the java.security to disable FIPS: vi $JAVA_HOME\/jre\/lib\/security\/java.security\n5. Add the following line at the end of the file : com.rsa.cryptoj.jsafe.fips140initialmode=NON_FIPS140_MODE\n6. Save the file\n7. Restart the Content Server<\/pre>\n
After doing that, we were able to properly login to the remote 6.7 SP2 repository:<\/p>\n
[dmadmin@content_server_01 ~]$ idql repo67\nPlease enter a user (dmadmin): aberbier\nPlease enter password for aberbier: xxxxx\n\nEMC Documentum idql - Interactive document query interface\n(c) Copyright EMC Corp., 1992 - 2015\nAll rights reserved.\nClient Library Release 7.2.0050.0084\n\nConnecting to Server using docbase repo67\n[DM_SESSION_I_SESSION_START]info: \"Session 010000cf805192b0 started for user Arnaud Berbier. \"\n\nConnected to Documentum Server running Release 6.7.2020.0057 AIX.Oracle\n1><\/pre>\n
When the data migration has been properly completed and to stay in safe mode, we recommended to revert the changes\u00a0back as soon as possible.<\/p>\n
Revert back the changes
\n===================<\/p>\n
1. Login to the CS 7.2\n2. Change the current user to the Installation Owner\n3. Revert the java.security backup file: mv $JAVA_HOME\/jre\/lib\/security\/java.security.bck-FIPS-Enabled $JAVA_HOME\/jre\/lib\/security\/java.security\n5. Restart the Content Server<\/pre>\n
We strongly recommend not leaving the FIPS 140 disabled as we don\u2019t really know the impact from a security point of view.<\/p>\n
In this blog post, we provided a procedure to temporarily disable and re-activate the FIPS 140 on a Content Server 7.2 P05 in order to connect to a 6.7 SP2.<\/p>\n","protected":false},"excerpt":{"rendered":"
In this blog and for a customer’s requirement (Data Migration), I had to temporarily disable the FIPS on a Content Server 7.2 P05 in order to connect to a repository 6.7 SP2. In fact after adding the 6.7 repository to the docbroker projection list of the CS 7.2, the customer was not able to login […]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[525],"tags":[129,918,382],"type_dbi":[],"class_list":["post-8829","post","type-post","status-publish","format-standard","hentry","category-enterprise-content-management","tag-documentum","tag-fips-140","tag-ssl"],"acf":[],"yoast_head":"\nDocumentum story - Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Documentum story - Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository\" \/>\n<meta property=\"og:description\" content=\"In this blog and for a customer’s requirement (Data Migration), I had to temporarily disable the FIPS on a Content Server 7.2 P05 in order to connect to a repository 6.7 SP2. In fact after adding the 6.7 repository to the docbroker projection list of the CS 7.2, the customer was not able to login […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-09-08T19:25:24+00:00\" \/>\n<meta name=\"author\" content=\"Arnaud Berbier\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Berbier\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\"},\"author\":{\"name\":\"Arnaud Berbier\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c71a46720faf18cf28611499df2dea2f\"},\"headline\":\"Documentum story – Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository\",\"datePublished\":\"2016-09-08T19:25:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\"},\"wordCount\":304,\"commentCount\":0,\"keywords\":[\"Documentum\",\"FIPS-140\",\"SSL\"],\"articleSection\":[\"Enterprise content management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\",\"name\":\"Documentum story - Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2016-09-08T19:25:24+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c71a46720faf18cf28611499df2dea2f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Documentum story – Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c71a46720faf18cf28611499df2dea2f\",\"name\":\"Arnaud Berbier\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9c34f01cf55fcb9e46d5ffd439039b55176dc188e050aba15da81ccccad08bd9?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9c34f01cf55fcb9e46d5ffd439039b55176dc188e050aba15da81ccccad08bd9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9c34f01cf55fcb9e46d5ffd439039b55176dc188e050aba15da81ccccad08bd9?s=96&d=mm&r=g\",\"caption\":\"Arnaud Berbier\"},\"description\":\"Arnaud Berbier has more than three years of experience in Oracle application development. He is specialized in PL\/SQL and APEX 4 development and masters the programming of requests in SQL language. He has a solid expertise in the analysis of business requirements and architectures based on Oracle technologies. He is Oracle Application Express 4 Developer Certified Expert, Oracle Certified Associate (OCA) WebLogic 11g System Administrator, OCA Java, and ITIL Foundation V3 certified. Arnaud Berbier holds a Bachelor of Science in Information System Management from the University of Applied Sciences Western Switzerland (HES-SO ARC) in Neuch\u00e2tel. His branch-related experience covers Public Sector, Financial Services \/ Banking, etc.\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/arnaud-berbier\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Documentum story - Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/","og_locale":"en_US","og_type":"article","og_title":"Documentum story - Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository","og_description":"In this blog and for a customer’s requirement (Data Migration), I had to temporarily disable the FIPS on a Content Server 7.2 P05 in order to connect to a repository 6.7 SP2. In fact after adding the 6.7 repository to the docbroker projection list of the CS 7.2, the customer was not able to login […]","og_url":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/","og_site_name":"dbi Blog","article_published_time":"2016-09-08T19:25:24+00:00","author":"Arnaud Berbier","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Arnaud Berbier","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/"},"author":{"name":"Arnaud Berbier","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c71a46720faf18cf28611499df2dea2f"},"headline":"Documentum story – Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository","datePublished":"2016-09-08T19:25:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/"},"wordCount":304,"commentCount":0,"keywords":["Documentum","FIPS-140","SSL"],"articleSection":["Enterprise content management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/","url":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/","name":"Documentum story - Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2016-09-08T19:25:24+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c71a46720faf18cf28611499df2dea2f"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-story-disable-fips-140-on-a-cs-7-2-p05-in-order-to-connect-to-a-6-7-sp2-repository\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Documentum story – Disable FIPS-140 on a CS 7.2 P05 in order to connect to a 6.7 SP2 repository"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c71a46720faf18cf28611499df2dea2f","name":"Arnaud Berbier","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9c34f01cf55fcb9e46d5ffd439039b55176dc188e050aba15da81ccccad08bd9?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/9c34f01cf55fcb9e46d5ffd439039b55176dc188e050aba15da81ccccad08bd9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9c34f01cf55fcb9e46d5ffd439039b55176dc188e050aba15da81ccccad08bd9?s=96&d=mm&r=g","caption":"Arnaud Berbier"},"description":"Arnaud Berbier has more than three years of experience in Oracle application development. He is specialized in PL\/SQL and APEX 4 development and masters the programming of requests in SQL language. He has a solid expertise in the analysis of business requirements and architectures based on Oracle technologies. He is Oracle Application Express 4 Developer Certified Expert, Oracle Certified Associate (OCA) WebLogic 11g System Administrator, OCA Java, and ITIL Foundation V3 certified. Arnaud Berbier holds a Bachelor of Science in Information System Management from the University of Applied Sciences Western Switzerland (HES-SO ARC) in Neuch\u00e2tel. His branch-related experience covers Public Sector, Financial Services \/ Banking, etc.","url":"https:\/\/www.dbi-services.com\/blog\/author\/arnaud-berbier\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/8829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=8829"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/8829\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=8829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=8829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=8829"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=8829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}