Previous Topic: Enable Communication Between CA IAM CS and CA DLP In FIPS 140 Mode

Next Topic: Connector Specific Features

Connector GuidesConnectors GuideConnecting to EndpointsCA DLP ConnectorFIPS 140 ConfigurationGenerate a New Keystore

Generate a New Keystore

When the keystore.dat file on the CA DLP CMS changes or is compromised, generate a new keystore file so that CA IAM CS and CA DLP CMS can communicate in FIPS 140 mode.

To generate a new keystore

  1. On the CA DLP CMS, revoke the current CA DLP keystore.
  2. On the CA DLP CMS, install the new keystore.
  3. On the computer used to create certificates for use by CA DLP, navigate to the following folder:

    C:\FIPS\AdvancedEncryption\output

  4. Copy the keystore.dat file to the following folder on the CA IAM CS computer:

    CS_HOME\conf

  5. Rename the keystore.dat file to dlp.ssl.keystore.
  6. Restart CA IAM CS.

    CA IAM CS is now in FIPS 140 mode and you can now use the CA DLP connector to manage the DLP CMS endpoint.

    Note: For information about revoking and generating a keystore, see the CA DLP Deployment Guide.