Previous Topic: How to Switch to FIPS-Preferred ModeNext Topic: Modify the Configuration Policy to Change the FIPS Mode

Client Automation Security FeaturesFIPS-Compliant CryptographyRun the Conversion Utility

Run the Conversion Utility

Running the conversion utility configures DSM components to use the required FIPS mode. Run this utility in the following order:

To run the conversion utility

  1. Verify that all the configuration policies are sealed on the manager.
  2. Open the command-line window and navigate to the ITCM_installpath\bin folder.
  3. Execute the following command: 
    dmscript dsm_fips_conv.dms FIPS_Mode
    FIPS_Mode

    Specifies the FIPS mode you want to switch to. Valid values are FIPS-Only and FIPS-Preferred.

    After the utility completes, it returns a success or failure message. If you have executed the utility with the FIPS-ONLY parameter, the utility changes the FIPS mode of the corresponding manager depending on the success or failure of the utility execution.

  4. Open DSM Explorer on the manager, click the root node, and check the System Status portlet for FIPS-140.

    The FIPS-140 setting displays the FIPS mode of the manager.

    Note: When the manager is operating in any of these two modes, r12 clients (DSM Explorer, CLI, and so on) are prevented from connecting to the manager.

  5. Perform the following steps, if the utility had completed with errors or warnings:
    1. View the log file osimfiputil.log in the ITCM_installpath\bin folder if the script completed with errors or warnings. You can also find more information in the Event log.
    2. Take corrective actions to fix the errors and run the conversion utility again.

      The DSM components are configured to use the required FIPS mode.

Example: Command for running the conversion utility for FIPS-only mode:

dmscript dsm_fips_conv.dms FIPS_ONLY

More information:

How to Switch to FIPS-Only Mode

How to Switch to FIPS-Preferred Mode

Verify the FIPS Mode of DSM Components