Install on a FIPS 140-2 enabled machine
Vertica supports the implementation of the Federal Information Processing Standard 140-2 (FIPS). You enable FIPS mode in the operating system.
Note
Enabling FIPS on the operating system occurs outside of Vertica.
During installation, the install_vertica script detects whether the host is operating in FIPS mode. The installer searches for the file /proc/sys/crypto/fips_enabled and examines its content. If the file exists and contains '1', the host is operating in FIPS mode and the following message appears:
/proc/sys/crypto/fips_enabled exists and contains '1', this is a FIPS system
Important
On certain systems where the libssl and libcrypto libraries do not have versioning information, you may see the following message when starting Vertica:
No version information available
This message is benign and you can ignore it.
To implement FIPS 140-2 on your Vertica Analytic Database, you need to configure both the server and the client you are using. To see the detailed configuration steps, go to Implementing FIPS 140-2.
Symbolic links for OpenSSL
On some non-FIPS systems, versioning anomalies can occur when you install a new version of OpenSSL. Sometimes, the default OpenSSL build procedure produces libraries with versions named 1.0.0. For Vertica to recognize that a library has a higher version number, the library name with a higher version number must be provided. As part of the Vertica installation, symbolic links are created to the appropriate OpenSSL files. The steps are as follows:
- The RPM installer places two OpenSSL library files in /opt/vertica/lib:
  - libssl.so.1.1
  - libcrypto.so.1.1
- The install_vertica script creates two symbolic links in /opt/vertica/lib:
  - libssl.so
  - libcrypto.so
- The symbolic links point to libssl.so.1.1 and libcrypto.so.1.1, which the RPM installer placed in /opt/vertica/lib.
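To confirm both conditions on a host, the following added example (not part of the Vertica installer or documentation) applies the same FIPS test described above and verifies that the two symbolic links resolve to the 1.1 libraries. The function names fips_state and check_openssl_links are hypothetical; the default paths are the ones named on this page and can be overridden by passing an argument.

```shell
#!/bin/sh
# Added example: host checks based on the file and directory named on this page.

# fips_state [file]: prints "enabled", "disabled" or "absent".
fips_state() {
    f="${1:-/proc/sys/crypto/fips_enabled}"
    if [ ! -r "$f" ]; then
        echo "absent"           # no FIPS flag file on this host
        return 0
    fi
    # Strip the trailing newline before comparing the content.
    v=$(tr -d '[:space:]' < "$f")
    if [ "$v" = "1" ]; then echo "enabled"; else echo "disabled"; fi
}

# check_openssl_links [libdir]: returns 0 only if libssl.so and libcrypto.so
# are symbolic links that resolve to the matching .so.1.1 file in libdir.
check_openssl_links() {
    dir="${1:-/opt/vertica/lib}"
    rc=0
    for lib in libssl libcrypto; do
        link="$dir/$lib.so"
        want="$dir/$lib.so.1.1"
        if [ ! -L "$link" ]; then
            echo "FAIL: $link is not a symbolic link" >&2
            rc=1
            continue
        fi
        if [ ! -f "$want" ]; then
            echo "FAIL: $want is missing" >&2
            rc=1
            continue
        fi
        # -ef is true when both names resolve to the same file, so relative
        # and absolute link targets are treated alike; a dangling link fails.
        if [ "$link" -ef "$want" ]; then
            echo "OK: $link -> $(readlink "$link")"
        else
            echo "FAIL: $link -> $(readlink "$link"), expected $lib.so.1.1" >&2
            rc=1
        fi
    done
    return $rc
}
```

Source the file and call `fips_state` and `check_openssl_links` with no arguments to check the live host; a link that points at the wrong library is reported on stderr and makes the function return non-zero.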