Previous Topic: Set the Policy Engine to FIPS_MIGRATE ModeNext Topic: Re-encrypt the Database Administrator Password

CA SiteMinder® Federation Standalone Installation and Upgrade GuideMigrate CA SiteMinder® Federation Standalone to Use FIPS EncryptionHow to Migrate from FIPS_COMPAT Mode to FIPS_Only ModeReencrypt the Policy Store Encryption Key

Reencrypt the Policy Store Encryption Key

The next step in the migration process is to re-encrypt the policy store encryption key.

To re-encrypt the policy store key

  1. If you have not already downloaded the CA SiteMinder® Federation Standalone web kit, go to the Technical Support site and download the kit for your operating environment.
  2. Copy smreg to federation_install_dir/siteminder/bin.
  3. Open a command prompt window.
  4. Enter the following command at a command prompt:

    smreg -cf MIGRATE -key admin_password

    admin_password

    Specifies the CA SiteMinder® Federation Standalone administrator password you provided during installation.

  5. Open the EncryptionKey.txt file in the directory federation_install_dir\siteminder\bin.

    The new encryption key is present and has a prefix with a FIPS-compliant algorithm, such as AES.

The re-encryption is complete.