Configure Your Application in FIPS-only Mode

CA EEM Getting Started › FIPS 140-2 Support › Configure Your Application in FIPS-only Mode

Configure Your Application in FIPS-only Mode

To configure your application in FIPS-only mode, verify that the CA EEM SDK is in FIPS-only mode, CA EEM SDK uses only FIPS-compliant techniques for cryptography. The CA EEM SDK configuration file, eiam.config controls the secure mode of operation of the CA EEM SDK. Before configuring the CA EEM SDK in FIPS-only mode, verify the following:

Verify that your CA EEM SDK is at version r8.4 SP3 or later.
Migrate any existing P12 certificates used by CA EEM to PEM certificates.
Initialize the CA EEM SDK in FIPS-only mode.

Migrate P12 certificates used by Your Application to PEM certificates.

CA EEM supports P12, PEM, and PKCS#11 certificates with the following considerations:

P12 support is disabled (not available) under FIPS-only mode. As an alternative, in FIPS-only mode, PEM and PKCS#11 certificate support has been added.

Note: CA EEM C# SDK supports only PEM certificates in FIPS-only mode, P12 and PEM certificates in non-FIPS mode.

So, if you are using any P12 certificates, migrate these certificates to one of the supported certificate formats in the FIPS-only mode. Use the igwCertUtil utility to convert P12 certificates to pem certificates. The igwCertUtil is a utility to convert, create, or delete certificates. The igwCertUtil is located in the following folder:

Windows: %IGW_LOC%
UNIX and LINUX: $IGW_LOC

Email CA Technologies about this topic