CA SiteMinder® Federation Standalone Installation and Upgrade Guide › Migrate CA SiteMinder® Federation Standalone to Use FIPS Encryption › FIPS Migration Issues to Consider
FIPS Migration Issues to Consider
Be aware of the following issues before you migrate to FIPS_Only mode:
- If you deploy the federation product in FIPS_ONLY mode with the CA SiteMinder® Connector enabled, the back-end CA SiteMinder® system must be version r12x and be operating in FIPS_ONLY mode.
If the CA SiteMinder® system is r6.0 SP5, this system does not support FIPS-compatible operations, so CA SiteMinder® Federation Standalone cannot operate in FIPS_ONLY mode.
- CA SiteMinder® Federation Standalone releases prior to r12.1 do not support FIPS-approved encryption algorithms for private key generation. These releases support only MD5 as the signature algorithm for private key generation, which is not an approved FIPS algorithm.
If you have private keys that use only MD5 as the signature algorithm, take the following actions at both sites in a partnership:
- Generate new private keys
- Get new certificates
- Update all required partnerships with the new public keys.
Copyright © 2013 CA.
All rights reserved.
|
|