

Generate a New Keystore

When the keystore.dat file on the CA DLP CMS changes or is compromised, generate a new keystore file so that CA IAM Connector Server and CA DLP CMS can communicate in FIPS 140 mode.

To generate a new keystore

  1. On the CA DLP CMS, revoke the current CA DLP keystore.
  2. On the CA DLP CMS, install the new keystore.
  3. On the computer used to create certificates for use by CA DLP, navigate to the following folder:

    C:\FIPS\AdvancedEncryption\output

  4. Copy the keystore.dat file to the following folder on the CA IAM Connector Server computer:

    CS_HOME\conf

  5. Rename the keystore.dat file to dlp.ssl.keystore.
  6. Restart CA IAM Connector Server.

    CA IAM Connector Server is now in FIPS 140 mode, and you can use the CA DLP connector to manage the DLP CMS endpoint.

    Note: For information about revoking and generating a keystore, see the CA DLP Deployment Guide.
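
Steps 4 to 6 can be scripted on the CA IAM Connector Server computer so that the keystore is checked for changes in transit before it is installed. The following PowerShell is an added example, not part of the CA documentation or product. The hash check, the handling of the old file, and all four parameters (the transferred file's location, the recorded SHA-256 value, the CS_HOME path, and the service name) are assumptions to fill in for your environment.

```powershell
# Added example: steps 4-6, run on the CA IAM Connector Server computer.
# Every parameter is an assumption/placeholder supplied by the operator.
param(
    # keystore.dat as transferred from C:\FIPS\AdvancedEncryption\output
    [Parameter(Mandatory)] [string] $SourceKeystore,
    # SHA-256 recorded on the certificate-generation computer (assumed extra step)
    [Parameter(Mandatory)] [string] $ExpectedSha256,
    # The directory that CS_HOME refers to on this computer
    [Parameter(Mandatory)] [string] $CsHome,
    # Placeholder: the Windows service name of CA IAM Connector Server here
    [Parameter(Mandatory)] [string] $ServiceName
)
$ErrorActionPreference = 'Stop'

# Refuse to install a keystore that changed between the two computers.
$actual = (Get-FileHash -Path $SourceKeystore -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {   # string -ne is case-insensitive
    throw "keystore.dat hash mismatch: expected $ExpectedSha256, got $actual"
}

$confDir = Join-Path $CsHome 'conf'
$target  = Join-Path $confDir 'dlp.ssl.keystore'
if (-not (Test-Path -Path $confDir -PathType Container)) {
    throw "Folder not found: $confDir"
}

# Move the old (revoked) keystore aside so the new file is never mixed up
# with it; delete the .bak once the connector is confirmed working.
if (Test-Path -Path $target) {
    $stamp = Get-Date -Format 'yyyyMMddHHmmss'
    Move-Item -Path $target -Destination "$target.$stamp.bak"
}

# Steps 4 and 5: copy into CS_HOME\conf under the name dlp.ssl.keystore.
Copy-Item -Path $SourceKeystore -Destination $target

# Confirm the installed copy is byte-identical to the verified source.
if ((Get-FileHash -Path $target -Algorithm SHA256).Hash -ne $actual) {
    throw 'Installed dlp.ssl.keystore does not match the source file'
}

# Step 6: restart so the connector server loads the new keystore.
Restart-Service -Name $ServiceName
Write-Output "Installed $target (SHA-256 $actual)"
```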