How Do I Deploy CA Data Protection In Advanced Encryption Mode?

To make CA Data Protection compatible with FIPS 140-2, deploy it in Advanced Encryption Mode. This section describes the deployment procedure.

Follow these steps:

  1. Designate a secure server that is separate from your intended CA Data Protection enterprise.
  2. Generate the self-signed root certificate.
  3. Generate the Key Store and Revocation List.
  4. Deploy your CA Data Protection servers and client machines.
    1. Create new administrative installation source images.
    2. Customize the new source images.
    3. Install the servers and client machines from the appropriate source image.
  5. Confirm that encryption is correctly configured in the machine policy for all your CA Data Protection servers and client machines.
  6. Secure the critical Advanced Encryption files on your CA Data Protection servers and client machines so that only the CA Data Protection infrastructure can access them.

More information:

Designate a Secure Server

Generate the Root Certificate

Generate the Key Store and Revocation List

Deploy CA Data Protection Machines

Ensure Machine Policy Is Correctly Configured

Secure the Critical Advanced Encryption Files