Installation Guides › Upgrade Guide › Using FIPS-Compliant Algorithms › How to Re-Encrypt Existing Sensitive Data › Set a Policy Server to FIPS-Migration Mode

Set a Policy Server to FIPS-Migration Mode

You set the Policy Servers to FIPS-migration mode so the environment can continue to use the existing SOA Security Manager encryption algorithms as you re-encrypt existing sensitive data using FIPS-compliant algorithms.

To set a Policy Server to FIPS-migration mode

1. Open a command prompt on the computer hosting the Policy Server and run the following command:

   setFIPSmigration
   

   MIGRATION appears in the command window.

2. Stop the Policy Server.

   Note: More information on stopping and starting the Policy Server exists in the Policy Server Administration Guide.

3. Do one of the following:
   • If the Policy Server is installed on a Windows system, reboot the machine.
   • If the Policy Server is installed on a UNIX system, do the following:
     1. Log in as the user that is used to start the Policy Server
     2. Open a command prompt
     3. Navigate to policy_server_home
     4. Run the following command: . ./ca_ps_env.ksh
4. Start the Policy Server.
5. Open the smps.log file and verify that the following line appears:

   Policy Server migrating from classic SiteMinder to FIPS-140 cryptographic algorithms.
   

6. Close the log file.

   The Policy Server is set to operate in FIPS-migration mode.

7. Repeat the previous steps for each Policy Server in the environment.

You may now re-encrypt the policy store key for each Policy Server in the environment.