Previous Topic: Set the Secure Proxy Engine to FIPS_Only Mode

Next Topic: Obtain FIPS-Compatible SSL Certificates (Optional)

Federation Manager Installation and Upgrade GuideMigrate Federation Manager to Use FIPS EncryptionHow to Migrate from FIPS_COMPAT Mode to FIPS_Only ModeSet the Policy Engine to FIPS_Only Mode

Set the Policy Engine to FIPS_Only Mode

The final step in the migration process is to set the policy engine to FIPS_Only mode.

Follow these steps:

  1. (Solaris only) Source the Federation Manager environment script, ca_federation_env.ksh to set the proper environment variables.
  2. From a command prompt, run the setFIPSmigration command, as follows:
    Windows

    Enter setFIPSonly

    UNIX
    1. Navigate to federation_mgr_home\secure-proxy.
    2. Enter setFIPSonly.ksh.
    3. Run the environment script, ca_federation_env.ksh to set the environment variables.

    After the command is successful, the words FIPS_ONLY appears at the command prompt.

  3. Do one of the following:
    Windows

    Reboot the Federation Manager system.

    UNIX

    Restart the Federation Manager services by executing the following scripts from a command window:

    1. federation_mgr_home/fedmanager.sh stop
    2. federation_mgr_home/fedmanager.sh start
  4. Verify that the policy engine is operating in FIPS_ONLY mode. Check the smps log in the directory federation_mgr_home\logs\server.