

Enable Communication Between CA IAM CS and CA DLP In FIPS 140 Mode

To enable communication between CA IAM CS and the CA DLP CMS in FIPS 140 mode, CA IAM CS must be installed with FIPS 140 mode enabled and the CA DLP CMS must be deployed in Advanced Encryption Mode.

To enable communication in FIPS 140 mode, copy the CA DLP keystore to the CA IAM CS configuration directory. The keystore carries the key material that CA IAM CS uses to talk to the CMS, so copy it over a trusted channel and keep the copy in cs-home\conf readable only by the account that runs CA IAM CS.

Note: For more information on FIPS 140 mode, see FIPS 140-2 Compliance in the Configuration Guide. For more information about how to deploy CA DLP in Advanced Encryption Mode, see the CA DLP Deployment Guide.

Follow these steps:

  1. Verify that the CA DLP CMS is in Advanced Encryption Mode. Do the following:
    1. Start the CA DLP Administration console.
    2. Verify that the activity log contains a message similar to one of the following:
      I0100     JCE Provider CRYPTOJ 4.0 20071129 1450: Standard mode.
      I00FE     JCE Provider CRYPTOJ 4.0 20071129 1450: Advanced mode startup tests ran successfully
      

      Check the most recent JCE Provider message only; entries from earlier startups can report a different mode.

      If the most recent message reports "Standard mode" (message ID I0100 in the sample above), the CA DLP CMS is deployed in standard mode and is not operating in FIPS 140 mode. Redeploy the CA DLP CMS in Advanced Encryption Mode before you enable FIPS 140 mode for CA IAM CS.

      If the most recent message reports "Advanced mode startup tests ran successfully" (message ID I00FE in the sample above), the CA DLP CMS is deployed in Advanced Encryption Mode and is operating in FIPS 140 mode.

  2. On the computer used to create certificates for use by CA DLP, navigate to the following folder:
    C:\FIPS\AdvancedEncryption\output
    
  3. Copy the keystore.dat file to the following folder on the CA IAM CS computer:
    cs-home\conf
    
  4. Rename the keystore.dat file to dlp.ssl.keystore.
  5. Restart CA IAM CS.

    CA IAM CS is now in FIPS 140 mode and can use the CA DLP connector to manage the CA DLP CMS endpoint.
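The five steps above can be scripted so that the keystore is never copied onto a CA IAM CS host while the CMS is still in standard mode. The following PowerShell script is an added example, not code from the CA documentation. It assumes that the CMS activity log has been exported to a text file, that cs-home and the CA IAM CS Windows service name are supplied as parameters (the defaults below are placeholders, not values from the documentation), and that the JCE Provider message text matches the samples shown above.

```powershell
# Added example (not part of the CA documentation). Automates:
#   1. check the most recent JCE Provider message in the exported CMS activity log
#   2-4. copy keystore.dat into cs-home\conf as dlp.ssl.keystore
#   5. restart the CA IAM CS service
param(
    # Assumed: path of an exported copy of the CA DLP Administration console activity log.
    [string]$ActivityLog = 'C:\FIPS\cms-activity.log',
    # Step 2 path from the procedure above.
    [string]$SourceKeystore = 'C:\FIPS\AdvancedEncryption\output\keystore.dat',
    # Assumed: cs-home of the CA IAM CS installation (placeholder, use your real path).
    [string]$CsHome = 'C:\cs-home',
    # Assumed: Windows service name of CA IAM CS (placeholder, check services.msc).
    [string]$CsServiceName = 'CA-IAM-CS'
)

$ErrorActionPreference = 'Stop'

# Step 1: find the most recent JCE Provider startup message; older entries may
# describe a previous deployment in a different mode, so only the last one counts.
$jceLines = Get-Content -Path $ActivityLog | Where-Object { $_ -match 'JCE Provider CRYPTOJ' }
if (-not $jceLines) {
    throw "No JCE Provider message found in $ActivityLog; cannot confirm the CMS mode."
}
$last = @($jceLines)[-1]

if ($last -match 'Standard mode') {
    throw "CA DLP CMS is in standard mode, not FIPS 140 mode: '$last'. Redeploy it in Advanced Encryption Mode first."
}
if ($last -notmatch 'Advanced mode startup tests ran successfully') {
    throw "Unrecognised JCE Provider message, refusing to continue: '$last'"
}

# Steps 2-4: copy the keystore into cs-home\conf under its new name.
$confDir = Join-Path $CsHome 'conf'
if (-not (Test-Path -Path $confDir -PathType Container)) {
    throw "Configuration directory $confDir does not exist; is cs-home correct?"
}
$dest = Join-Path $confDir 'dlp.ssl.keystore'
Copy-Item -Path $SourceKeystore -Destination $dest -Force

# Verify the copy is byte-identical before restarting anything.
$hashes = Get-FileHash -Algorithm SHA256 -Path $SourceKeystore, $dest
if ($hashes[0].Hash -ne $hashes[1].Hash) {
    throw "Keystore copy does not match the source (hash mismatch)."
}
$hashes | Format-Table Path, Hash -AutoSize

# Step 5: restart CA IAM CS so it loads dlp.ssl.keystore.
Restart-Service -Name $CsServiceName
Write-Host "CA IAM CS restarted; dlp.ssl.keystore installed in $confDir"
```

Run the script from an elevated PowerShell session on the CA IAM CS computer after copying the exported activity log and keystore.dat to it, passing the real cs-home path and service name as parameters. The script deliberately stops on an unrecognised JCE Provider message rather than guessing, so a CMS whose log format differs from the samples above is reported instead of silently treated as FIPS-capable.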