Previous Topic: Back Up the Existing ConfigurationNext Topic: Set the Policy Engine to FIPS_MIGRATE Mode

CA SiteMinder® Federation Standalone Installation and Upgrade GuideMigrate CA SiteMinder® Federation Standalone to Use FIPS EncryptionHow to Migrate from FIPS_COMPAT Mode to FIPS_Only ModeSet the OPENSSL_FIPS Environment Variable

Set the OPENSSL_FIPS Environment Variable

Enable FIPS mode by setting the OPENSSL_FIPS environment variable. Set this variable one time only when you are migrating from COMPAT mode to FIPS Only mode.

Follow these steps:

Windows
  1. Access the Windows System Properties
  2. Access the environment variables.
  3. Add an environment variable as follows:
    Variable Name

    OPENSSL_FIPS

    Variable Value

    1

  4. Save the new variable.
UNIX
  1. Navigate to federation_install_dir.
  2. Edit the environment script, ca_federation_env.ksh.
  3. Add the following the entry to the script: 
    OPENSSL_FIPS=1;export OPENSSL_FIPS=1
  4. Run the environment script, ca_federation_env.ksh to set the environment variables.
  5. On UNIX systems only, run the federation_install_dir/bin/migratessltofips.sh script.

    This script ensures that the private key associated with the SSL certificate is properly encrypted.