Previous Topic: Set the Secure Proxy Engine to FIPS_Only ModeNext Topic: Obtain FIPS-Compatible SSL Certificates (Optional)

CA SiteMinder® Federation Standalone Installation and Upgrade GuideMigrate CA SiteMinder® Federation Standalone to Use FIPS EncryptionHow to Migrate from FIPS_COMPAT Mode to FIPS_Only ModeSet the Policy Engine to FIPS_Only Mode

Set the Policy Engine to FIPS_Only Mode

The final step in the migration process is to set the policy engine to FIPS_Only mode.

Follow these steps:

  1. (Solaris only) Source the CA SiteMinder® Federation Standalone environment script, ca_federation_env.ksh to set the proper environment variables.
  2. From a command prompt, run the setFIPSmigration command, as follows:
    Windows

    Enter setFIPSonly

    UNIX
    1. Navigate to federation_install_dir\secure-proxy.
    2. Enter setFIPSonly.ksh.
    3. Run the environment script, ca_federation_env.ksh to set the environment variables.

    After the command is successful, the words FIPS_ONLY appears at the command prompt.

  3. Do one of the following:
    Windows

    Reboot the federation system.

    UNIX

    Restart the federation services by executing the following scripts from a command window:

    1. federation_install_dir/fedmanager.sh stop
    2. federation_install_dir/fedmanager.sh start
  4. Verify that the policy engine is operating in FIPS_ONLY mode. Check the smps log in the directory federation_install_dir\logs\server.