Federation Manager Guide › Migrate Federation Manager to Use FIPS Encryption › How To Migrate from FIPS_COMPAT Mode to FIPS-Only Mode › Reencrypt the Policy Store Encryption Key

Reencrypt the Policy Store Encryption Key

The next step in the migration process is to re-encrypt the policy store encryption key.

To re-encrypt the policy store key

1. If you have not already downloaded the Federation Manager web kit, go to the Technical Support site and download the kit for your operating environment.
2. Copy smreg to federation_mgr_home/siteminder/bin.
3. Open a command prompt window.
4. Enter the following command at a command prompt:

   smreg -cf MIGRATE -key admin_password

   • admin_password

     Specifies the Federation Manager administrator password you provided during installation.

5. Open the EncryptionKey.txt file in the directory federation_mgr_home\siteminder\bin.

   The new encryption key is present and has a prefix with a FIPS-compliant algorithm, such as AES.

The re-encryption is complete.