|
|
|
When you configure CA EEM Server in FIPS-only mode, CA EEM uses only FIPS 140-2 compliant cryptographic libraries to encrypt and decrypt sensitive data.
Notes:
To configure CA EEM in FIPS-only mode
dxserver stop all ssld stop
su - dsa -c "dxserver stop all" su - dsa -c "ssld stop"
<FIPSMode>ON<FIPSMode>
Note: To change the mode from FIPS-only to non-FIPS, set FIPSMode tag to OFF.
ssld remove iTechPoz-Server ssld install iTechPoz-Server -certfiles "%DXHOME%/config/ssld/personalities" -ca "%DXHOME%/config/ssld/iTechPoz-trusted.pem" -port 21847 -fips
su - dsa ssld remove iTechPoz-Server ssld install iTechPoz-Server -certfiles $DXHOME/config/ssld/personalities -ca $DXHOME/config/ssld/iTechPoz-trusted.pem -port 21847 -fips
Note: The option -port specifies the ssld port. If you have configured a different ssld port, replace 21847 in the preceding commands with the correct port number. Also, if you are changing the security mode from FIPS-only to non-FIPS, use the commands in this step without the -fips option.
ssld start dxserver start all
su - dsa -c "ssld start" su - dsa -c "dxserver start all"
CA EEM is configured in a FIPS-only mode.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |