CA SiteMinder® Federation Standalone Installation and Upgrade Guide › Migrate CA SiteMinder® Federation Standalone to Use FIPS Encryption › How to Migrate from FIPS_COMPAT Mode to FIPS_Only Mode › Obtain FIPS-Compatible SSL Certificates (Optional) › Request a FIPS-Compatible Server Certificate

Request a FIPS-Compatible Server Certificate

If the FIPS Approved setting for the Embedded web server or the Administrative UI is False, request a new FIPS-compatible certificate. If both components require a new certificate, generate a separate request for each component and complete the entire request process.

To request a FIPS-compatible server certificate

1. Log in to the Administrative UI.
2. Navigate to Infrastructure, SSL Configuration.

   The SSL Configuration dialog displays.

3. Click Request in the appropriate section for the component that requires a new certificate.

   The Request Certificate dialog displays.

4. Complete the fields in the Request Certificate dialog.

   You are required to request a certificate with a SHA-1signature algorithm so the certificate is FIPS-approved. Some CAs use MD5 by default unless asked to use a different algorithm.

5. Click Save.

   A file in PKCS#10 format is saved.

6. Submit the file to a Certificate Authority to receive new certificates. Contact your Certificate Authority for the appropriate procedure to submit a request.

   CA sends a response with a signed certificate.

7. Upload the new certificate to the key store, as described in the following procedure.
8. Repeat this procedure for another request, if necessary.