Generate a New Keystore

When the keystore.dat file on the CA DLP CMS changes or is compromised, generate a new keystore file so that the Java CS and the CA DLP CMS can communicate in FIPS 140 mode.

To generate a new keystore

  1. On the CA DLP CMS, revoke the current CA DLP keystore.
  2. On the CA DLP CMS, install the new keystore.
  3. On the computer used to create certificates for use by CA DLP, navigate to the following folder:

    C:\FIPS\AdvancedEncryption\output

  4. Copy the keystore.dat file to the following folder on the Java CS computer:

    <JCS_HOME>\conf

  5. Rename the keystore.dat file to dlp.ssl.keystore.
  6. Restart the Java CS.

    The Java CS is now in FIPS 140 mode, and you can use the CA DLP connector to manage the DLP CMS endpoint.

    Note: For information about revoking and generating a keystore, see the CA DLP Deployment Guide.
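
Steps 3 through 5 can be scripted with an integrity check, so that the file the Java CS loads is confirmed identical to the keystore that was generated. The following PowerShell is an added example, not part of the CA product or its documentation: the function name Install-DlpKeystore is hypothetical, the source folder is assumed to be reachable from the Java CS computer, and <JCS_HOME>\conf must be supplied for your installation.

```powershell
# Added example (hypothetical helper). Usage, run on the Java CS computer:
#   Install-DlpKeystore -JcsConfDir '<JCS_HOME>\conf'
function Install-DlpKeystore {
    [CmdletBinding()]
    param(
        # Folder holding the newly generated keystore.dat (step 3). Assumed to be
        # reachable from this computer, for example through a UNC path.
        [string]$SourceDir = 'C:\FIPS\AdvancedEncryption\output',
        # <JCS_HOME>\conf on the Java CS computer (step 4). Site-specific, no default.
        [Parameter(Mandatory)][string]$JcsConfDir
    )
    $ErrorActionPreference = 'Stop'
    $source = Join-Path $SourceDir  'keystore.dat'
    $staged = Join-Path $JcsConfDir 'keystore.dat'
    $target = Join-Path $JcsConfDir 'dlp.ssl.keystore'

    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        throw "New keystore not found: $source"
    }
    $sourceHash = (Get-FileHash -LiteralPath $source -Algorithm SHA256).Hash

    # Record the hash of the keystore being replaced for the change record,
    # then remove it so the revoked file does not stay beside the new one.
    $oldHash = $null
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        $oldHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($oldHash -eq $sourceHash) {
            throw 'Installed keystore already matches the source; was a new keystore generated?'
        }
        Remove-Item -LiteralPath $target -Force
    }

    Copy-Item   -LiteralPath $source -Destination $staged -Force   # step 4
    Rename-Item -LiteralPath $staged -NewName 'dlp.ssl.keystore'   # step 5

    # Confirm the installed file is byte-identical to the generated keystore.
    $targetHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($targetHash -ne $sourceHash) {
        Remove-Item -LiteralPath $target -Force
        throw "Hash mismatch after copy: $targetHash != $sourceHash"
    }

    [pscustomobject]@{
        Keystore       = $target
        Sha256         = $targetHash
        ReplacedSha256 = $oldHash
        # Review who can read the key material before restarting the Java CS (step 6).
        Access         = (Get-Acl -LiteralPath $target).Access |
                         ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
    }
}
```

The function stops before step 6 so that the reported hash and access list can be reviewed before the Java CS is restarted.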