Chapter 14. Setting up system-wide cryptographic policies in the web console

You can set one of system-wide cryptographic policies and subpolicies directly in the RHEL web console interface. Besides the four predefined system-wide cryptographic policies, you can also apply the following combinations of policies and subpolicies through the graphical interface now:

The DEFAULT policy with the SHA-1 algorithm enabled.
The LEGACY policy with less secure settings that improve interoperability for Active Directory services.
The FIPS policy with further restrictions inspired by the Common Criteria for Information Technology Security Evaluation standard.



  1. Log in to the web console. For more information, see Logging in to the web console.
  2. In the Configuration card of the Overview page, click your current policy value next to Crypto policy.

    The web console: Overview

  3. In the Change crypto policy dialog window, click on the policy you want to start using on your system.

    The web console: Change the system-wide cryptographic policy

  4. Click the Apply and reboot button.


  • After the restart, log back in to web console, and check that the Crypto policy value corresponds to the one you selected. Alternatively, you can enter the update-crypto-policies --show command to display the current system-wide cryptographic policy in your terminal.

Additional resources