Step 3: Validate the CCJ and CCS installations
Run the following commands on each host to validate the CryptoComply for Java (CCJ) and CryptoComply for Server (CCS) installation.
- 
                Run the following command to verify that the FIPS configuration is
                    enabled:
                sysctl crypto.fips_enabledExpected output: crypto.fips_enabled = 1
- 
                Run the following command to test that the FIPS kernel module terminates an md5
                    process:
                echo greeting | openssl md5This command must fail, indicating that FIPS is enabled. 
- 
                Run the following commandCloudera Manager server to verify
                    the list of security providers in JDK 11, which grabs the chosen path for the
                        ccj jar file (assume that the
                        bctls file is in the same directory) and show providers
                    with those modules added:
                cat > ListSecurityProviders.java <<-EOF import java.security.Provider; import java.security.Security; public class ListSecurityProviders { public static void main(String[] args) { Provider[] providers = Security.getProviders(); for (Provider provider : providers) { System.out.println("Provider: " + provider.getName()); System.out.println("Version: " + provider.getVersionStr()); System.out.println("Info: " + provider.getInfo()); System.out.println(); } } } EOFjava -p /directory/chosen/for/ccj-bctls/jars/ ListSecurityProviders.javaThe output includes the following providers if they are configured and referenced properly. For example, Provider: CCJ Version: <version> Info: CryptoComply® for Java version <version> Provider: BCJSSE Version: <version> Info: Bouncy Castle JSSE Provider Version <version>
- 
                Run the following command to get the maximum allowed key length:
                
 Expected output:read -r -d '' do_maxAESKeyLength <<EOF java.lang.System.out.println(javax.crypto.Cipher.getMaxAllowedKeyLength("AES/CBC/PKCS5Padding")); EOF answer=`${JAVA_HOME}/bin/jrunscript -Dcom.safelogic.cryptocomply.fips.approved_only=true -e "$do_maxAESKeyLength"` echo $answer2147483647
