CA IAM CS and CA DLP CMS (Central Management Server) must be in the same FIPS 140 mode before CA IAM CS can use the CA DLP Connector to manage a CA DLP endpoint.
The following table shows the supported configuration modes for CA IAM CS and CA DLP CMS.
| CA IAM CS | CA DLP CMS | Supported | Connection Type |
|---|---|---|---|
| FIPS 140 Mode | FIPS 140 Mode | Yes | TLS |
| Non-FIPS 140 Mode | Non-FIPS 140 Mode | Yes | Unauthenticated SSL |
| FIPS 140 Mode | Non-FIPS 140 Mode | No | N/A |
| Non-FIPS 140 Mode | FIPS 140 Mode | No | N/A |
The CA DLP Connector detects whether CA IAM CS is running in FIPS 140 mode and, if it is, configures itself to communicate with the CA DLP endpoint using a FIPS 140 encrypted connection.
If CA IAM CS and CA DLP CMS are both running in FIPS 140 mode, you must install, on CA IAM CS, certificates that the CA DLP CMS trusts. The certificates are stored in a keystore that is copied from the CA DLP CMS.
If CA IAM CS and CA DLP CMS are both running in non-FIPS 140 mode, the CA DLP CMS uses unauthenticated SSL, so no peer certificate is verified and a CA DLP keystore file is not required.
Copyright © 2013 CA.
All rights reserved.