Federation Manager GuideMigrate Federation Manager to Use FIPS EncryptionHow To Migrate from FIPS_COMPAT Mode to FIPS-Only Mode › Deactivate the SSL Configuration

Previous Topic: How To Migrate from FIPS_COMPAT Mode to FIPS-Only Mode

Next Topic: Back Up the Existing Configuration

Deactivate the SSL Configuration

The first step to migrate to FIPS Only mode is to deactivate SSL for the Embedded web server or Administrative UI section. If you did not activate SSL to begin with, skip this step.

To deactivate SSL

  1. Begin at the SSL Configuration dialog.
  2. Click Deactivate in the Embedded web server or Administrative UI section.

    A confirmation prompt is displayed asking if you want to disable SSL.

  3. Click Yes to complete the deactivation.
  4. For the Federation Manager UI only, delete the tomcat.keystore file manually. This file is located in the following directory:

    federation_mgr_home/secure-proxy/SSL/keys

    Deactivating SSL for the Federation Manager UI does not delete the corresponding key store file. If you change the UI SSL certificate for any reason, the certificate is not updated, which results in Federation Manager using the wrong certificate. Deleting the Tomcat key store helps ensure that any updates you make to the SSL certificate are reflected.

  5. Restart the Federation Manager services according to your operating environment.

    Note: Do not stop and start the services as the root user.

The SSL connection is no longer active and the SSL Configuration Status setting changes to Server cert signed by CA, SSL ready. The certificate and key files remain so you can re-enable SSL.