CA SiteMinder® Federation Standalone Installation and Upgrade Guide › Migrate CA SiteMinder® Federation Standalone to Use FIPS Encryption › How to Migrate from FIPS_COMPAT Mode to FIPS_Only Mode › Obtain FIPS-Compatible SSL Certificates (Optional)

Obtain FIPS-Compatible SSL Certificates (Optional)

After you migrate CA SiteMinder® Federation Standalone to FIPS_Only mode, the server certificates that federation system uses for SSL configuration must be FIPS-compatible. If the server certificates that the system is using for SSL are MD5 format, obtain new certificates that use a SHA1 algorithm, which is FIPS-compatible.

To determine whether you need to update the SSL certificates:

1. Verify the FIPS status of the current SSL certificates.

   These are the certificates for the embedded web server and the Administrative UI.

2. If the FIPS status is False, request a new certificate.
3. Upload the new FIPS-compatible a server certificate.

Specific procedures are described in the sections that follow.