How to install Landscape Server on FIPS-compliant machines
This document provides the Landscape-specific steps needed for a FIPS-compliant Landscape deployment. The FIPS-compliant process is quite similar to the standard installation process.
Install and configure Landscape for FIPS-compliant deployments
Use the Quickstart or Manual installation guides, with the following changes:
- Install packages with apt instead of snap
- Use external authentication instead of username/password
If you’re configuring Postfix for emails, add the following change:
- After you’ve used Postconf to configure the /etc/postfix/main.cf file, add an additional step to manually set the SMTP TLS fingerprint digest:

  sudo postconf -e smtp_tls_fingerprint_digest=sha256

By default, Postfix uses MD5 hashes with TLS for backward compatibility. In FIPS mode, the MD5 hashing function is not available. SHA-256 is a secure cryptographic hash function that can be used with FIPS.
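One way to confirm the change took effect, as an added example that is not part of the Landscape documentation: the script reads a main.cf-style file and reports the effective smtp_tls_fingerprint_digest. The function names and the sample file contents are constructed for illustration, and the fallback to md5 when the parameter is absent follows the default described above.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for the FIPS digest setting.
# Assumption: an unset parameter falls back to MD5, as this page describes.
DEFAULT_DIGEST=md5

# Print the effective smtp_tls_fingerprint_digest from the file given as $1.
# Comment lines are skipped, and when the parameter appears more than once
# the last assignment wins, which is how Postfix reads main.cf.
effective_digest() {
    awk -v def="$DEFAULT_DIGEST" '
        /^[ \t]*#/ { next }
        /^smtp_tls_fingerprint_digest[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop "name =" prefix
            sub(/[ \t]+$/, "", val)         # drop trailing whitespace
            found = tolower(val)
        }
        END { print (found != "" ? found : def) }
    ' "$1"
}

# Return 0 only when the digest matches the value this page sets (sha256).
check_fips_digest() {
    digest=$(effective_digest "$1")
    case "$digest" in
        sha256)
            echo "OK: smtp_tls_fingerprint_digest=$digest"
            return 0 ;;
        md5)
            echo "FAIL: smtp_tls_fingerprint_digest=$digest (MD5 is not available in FIPS mode)"
            return 1 ;;
        *)
            echo "REVIEW: smtp_tls_fingerprint_digest=$digest (this guide sets sha256)"
            return 1 ;;
    esac
}

# Constructed sample: the setting exists only as a comment, so the default applies.
sample=$(mktemp)
printf '%s\n' 'myhostname = mail.example.test' \
    '#smtp_tls_fingerprint_digest = sha256' > "$sample"
check_fips_digest "$sample" || true    # reports FAIL
echo 'smtp_tls_fingerprint_digest = sha256' >> "$sample"
check_fips_digest "$sample" || true    # reports OK
rm -f "$sample"
```

On a live server, pass /etc/postfix/main.cf as the argument to check_fips_digest.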
Related topics
Outside of Landscape, there are additional steps you may need when setting up your full FIPS-compliant deployment. See the following related topics:
- Ubuntu Security | FIPS for Ubuntu
- Ubuntu Security | FIPS for Ubuntu 22.04
- Ubuntu Pro | How to manage FIPS