Previous Topic: Set the Policy Engine to FIPS_MIGRATE Mode

Next Topic: Re-encrypt the Database Administrator Password

Federation Manager Installation and Upgrade GuideMigrate Federation Manager to Use FIPS EncryptionHow to Migrate from FIPS_COMPAT Mode to FIPS_Only ModeReencrypt the Policy Store Encryption Key

Reencrypt the Policy Store Encryption Key

The next step in the migration process is to re-encrypt the policy store encryption key.

To re-encrypt the policy store key

  1. If you have not already downloaded the Federation Manager web kit, go to the Technical Support site and download the kit for your operating environment.
  2. Copy smreg to federation_mgr_home/siteminder/bin.
  3. Open a command prompt window.
  4. Enter the following command at a command prompt:

    smreg -cf MIGRATE -key admin_password

    admin_password

    Specifies the Federation Manager administrator password you provided during installation.

  5. Open the EncryptionKey.txt file in the directory federation_mgr_home\siteminder\bin.

    The new encryption key is present and has a prefix with a FIPS-compliant algorithm, such as AES.

The re-encryption is complete.