Previous Topic: Back Up the Existing Configuration

Next Topic: Set the Policy Engine to FIPS_MIGRATE Mode

Federation Manager Installation and Upgrade GuideMigrate Federation Manager to Use FIPS EncryptionHow to Migrate from FIPS_COMPAT Mode to FIPS_Only ModeSet the OPENSSL_FIPS Environment Variable

Set the OPENSSL_FIPS Environment Variable

Enable FIPS mode by setting the OPENSSL_FIPS environment variable. Set this variable one time only when you are migrating from COMPAT mode to FIPS Only mode.

Follow these steps:

Windows
  1. Access the Windows System Properties
  2. Access the environment variables.
  3. Add an environment variable as follows:
    Variable Name

    OPENSSL_FIPS

    Variable Value

    1

  4. Save the new variable.
UNIX
  1. Navigate to federation_mgr_home.
  2. Edit the environment script, ca_federation_env.ksh.
  3. Add the following the entry to the script: 
    OPENSSL_FIPS=1;export OPENSSL_FIPS=1
  4. Run the environment script, ca_federation_env.ksh to set the environment variables.
  5. On UNIX systems only, run the federation_mgr_home/bin/migratessltofips.sh script.

    This script ensures that the private key associated with the SSL certificate is properly encrypted.