Federation Manager GuideMigrate Federation Manager to Use FIPS EncryptionHow To Migrate from FIPS_COMPAT Mode to FIPS-Only Mode › Set the Policy Engine to FIPS_Only Mode

Previous Topic: Set the Secure Proxy Engine to FIPS_Only Mode

Next Topic: Obtain FIPS-Compatible SSL Certificates (Optional)

Set the Policy Engine to FIPS_Only Mode

The final step in the migration process is to set the policy engine to FIPS_Only mode.

To migrate the policy engine to FIPS_ONLY mode

  1. (Solaris only) Source the Federation Manager environment script, ca_federation_env.ksh to set the proper environment variables.
  2. Execute the setFIPSonly command, according to your operating environment:
    Windows

    Open command prompt window, run setFIPSonly.

    UNIX

    fed-manager_home\secure-proxy and run setFIPSonly.ksh.

    After the command is successful, the words FIPS_ONLY appears at the command prompt.

  3. Do one of the following:
    Windows

    Reboot the Federation Manager system.

    UNIX

    Restart the Federation Manager services by executing the following scripts from a command window:

    1. federation_mgr_home/fedmanager.sh stop
    2. federation_mgr_home/fedmanager.sh start

    When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

  4. Verify that the policy engine is operating in FIPS_ONLY mode by checking the smps log in the directory federation_mgr_home\logs\server.