Federation Manager Guide › Migrate Federation Manager to Use FIPS Encryption › How To Migrate from FIPS_COMPAT Mode to FIPS-Only Mode › Set the Policy Engine to FIPS_Only Mode

Set the Policy Engine to FIPS_Only Mode

The first step to migrate to FIPS_Only mode is to configure the policy engine in FIPS_only mode.

To set the policy engine to FIPS_only operation

1. Check that Federation Manager is in COMPAT mode. If it is not, reinstall and configure it to run in COMPAT mode.
2. Verify that the Federation Manager UI is operating.
3. (Solaris only) Source the Federation Manager environment script, ca_federation_env.ksh to set the proper environment variables.
4. From a command prompt, run the setFIPSmigration command, as follows:
   • Windows

     Enter setFIPSmigration

   • Solaris
   1. Navigate to federation_mgr_home.
   2. Run the environment script, ca_federation_env.ksh to set the Federation Manager environment variables.
   3. Enter setFIPSmigration.ksh

   The migration process begins.

5. Do one of the following:
   • Windows

     Reboot the Federation Manager system.

   • Solaris

     Restart the Federation Manager services by executing the following scripts from a command window:

     1. federation_mgr_home/fedmanager.sh stop
     2. federation_mgr_home/fedmanager.sh start

     When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

     Note: Do not stop and start the services as the root user. You must be a non-root user.

6. Look at the smps.log file to verify that the policy engine is now in MIGRATE mode.

   The location of the log file is federation_mgr_home/logs/server/smps.log.

The policy engine is now operating in FIPS_MIGRATE mode.