2.6 Securing Configuration Store Using TLS Port

By default, the Access Manager config store has FIPS mode enabled and an RSA certificate associated with it. This disables SSLv3 and allows only TLS 1.0, 1.1, and 1.2 clients to connect.

To allow Administration Console to connect to the config store using TLSv1.1 and TLSv1.2, perform the following steps:

  1. Install the LDAP plug-in to list it in the default iManager page (Roles and Tasks).

  2. Ensure FIPS mode is enabled.

    Ensure the line n4u.server.fips_tls=1 is in the /etc/opt/novell/eDirectory/conf/nds.conf file.

    NOTE: After enabling FIPS mode, you must restart the eDirectory (ndsd) daemon.

  3. Click Admin > Manage Roles and Tasks.

  4. Navigate to LDAP > LDAP Options > View LDAP Servers.

  5. Select the Access Manager server, then click the Connections tab.

  6. Under the SSL Configuration section, select only TLSv1.1 and TLSv1.2.

    The settings for other sections on the page do not require any change.

  7. Save the configuration and restart the LDAP server from Administration Console.

    Run the following commands:

    ndstrace -c "unload nldap"

    ndstrace -c "load nldap"
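To confirm the outcome of this procedure, the following added script (it is not part of the Access Manager documentation) checks that nds.conf carries the FIPS setting and then probes the LDAP server with openssl s_client, one protocol version at a time, expecting TLSv1.0 to be refused and TLSv1.1 and TLSv1.2 to be accepted. It assumes the documented nds.conf path, LDAPS on port 636, and an openssl client that still supports the older protocol versions.

```shell
#!/bin/sh
# Constructed verification helpers for the procedure above.
# Assumptions: nds.conf at the documented path, LDAPS on 636, openssl CLI present.

NDS_CONF=/etc/opt/novell/eDirectory/conf/nds.conf

# Return 0 if the given nds.conf enables FIPS TLS (n4u.server.fips_tls=1).
# A commented-out line or a value other than 1 does not count.
check_fips_conf() {
    conf="${1:-$NDS_CONF}"
    [ -r "$conf" ] || return 2
    grep -Eq '^[[:space:]]*n4u\.server\.fips_tls[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$conf"
}

# Attempt a handshake with exactly one protocol version (tls1, tls1_1 or tls1_2).
# Prints accepted/rejected/unsupported; "unsupported" means the local openssl
# build cannot speak that version, so the probe is inconclusive, not a finding.
probe_tls() {
    host="$1"; port="${2:-636}"; ver="$3"
    out=$(openssl s_client "-$ver" -connect "$host:$port" </dev/null 2>&1)
    if printf '%s\n' "$out" | grep -qi 'unknown option\|no protocols available'; then
        echo unsupported; return 2
    fi
    if printf '%s\n' "$out" | grep -q 'Cipher is' && \
       ! printf '%s\n' "$out" | grep -q 'Cipher is (NONE)'; then
        echo accepted; return 0
    fi
    echo rejected; return 1
}

# Expected policy after the procedure: TLSv1.0 refused, TLSv1.1 and TLSv1.2 accepted.
verify_ldap_policy() {
    host="$1"; port="${2:-636}"; rc=0
    for ver in tls1 tls1_1 tls1_2; do
        result=$(probe_tls "$host" "$port" "$ver")
        case "$ver" in
            tls1) expected=rejected ;;
            *)    expected=accepted ;;
        esac
        printf '%-8s %s (expected %s)\n' "$ver" "$result" "$expected"
        [ "$result" = "$expected" ] || rc=1
    done
    return $rc
}
```

Run `check_fips_conf` on the server itself and `verify_ldap_policy <admin-console-host>` from a client; a non-zero exit from the latter means the LDAP server still accepts a version this procedure was meant to disable.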