Federation Manager GuideMigrate Federation Manager to Use FIPS EncryptionHow To Migrate from FIPS_COMPAT Mode to FIPS-Only Mode › Obtain FIPS-Compatible SSL Certificates (Optional)

Previous Topic: Set the Policy Engine to FIPS_Only Mode

Next Topic: Verify The FIPS Status of the SSL Certificate

Obtain FIPS-Compatible SSL Certificates (Optional)

After you migrate Federation Manager to FIPS_Only mode, the server certificates that Federation Manager uses for SSL configuration must be FIPS-compatible. If the server certificates that Federation Manager is using for SSL are MD5 format, obtain new certificates that use a SHA1 algorithm, which is FIPS-compatible.

To determine whether you need to update the SSL certificates:

  1. Verify the FIPS status of the current SSL certificates.

    These are the certificates for the embedded web server and the Federation Manager UI.

  2. If the FIPS status is False, request a new certificate.
  3. Upload the new FIPS-compatible a server certificate.

Specific procedures are described in the sections that follow.

Copyright © 2010 CA. All rights reserved. Email CA about this topic