Federation Manager GuideMigrate Federation Manager to Use FIPS EncryptionHow To Migrate from FIPS_COMPAT Mode to FIPS-Only ModeObtain FIPS-Compatible SSL Certificates (Optional) › Request a FIPS-Compatible Server Certificate

Previous Topic: Verify The FIPS Status of the SSL Certificate

Next Topic: Upload the FIPS-Compatible Certificate
Request a FIPS-Compatible Server Certificate

If the FIPS Approved setting for the Embedded web server or the Administrative UI is False, request a new FIPS-compatible certificate. If both components require a new certificate, generate a separate request for each component and complete the entire request process.

To request a FIPS-compatible server certificate

  1. Log in to the Federation Manager UI.
  2. Navigate to Infrastructure, SSL Configuration.

    The SSL Configuration dialog displays.

  3. Click Request in the appropriate section for the component that requires a new certificate.

    The Request Certificate dialog displays.

  4. Complete the fields in the Request Certificate dialog.

    You are required to request a certificate with a SHA-1signature algorithm so the certificate is FIPS-approved. Some CAs use MD5 by default unless asked to use a different algorithm.

  5. Click Save.

    A file in PKCS#10 format is saved.

  6. Submit the file to a Certificate Authority to receive new certificates. Contact your Certificate Authority for the appropriate procedure to submit a request.

    CA sends a response with a signed certificate.

  7. Upload the new certificate to the Federation Manager key store, as described in the following procedure.
  8. Repeat this procedure for another request, if necessary.

Copyright © 2010 CA. All rights reserved. Email CA about this topic