Re-encrypt a Policy Store Key

You re-encrypt the policy store key to replace the existing key with a version that is encrypted using FIPS-compliant algorithms.

To re-encrypt the policy store key

  1. Open a command prompt on the computer hosting the Policy Server and run the following command:
    smreg -cf MIGRATE -key key_value
    

    smreg generates a new policy store key and encrypts it using FIPS-compliant algorithms.

  2. Open the EncryptionKey.txt file, and verify that a new encryption key is present and prefixed with a FIPS-compliant algorithm.

    Prefix example: {AES}

    The policy store key is re-encrypted.

  3. Repeat the preceding steps for each Policy Server in the environment.

You may now re-encrypt the policy store administrator password.
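
The check in step 2 can be scripted so that it is repeated identically on every Policy Server. The following POSIX shell sketch is an added example, not CA code: the function names, the backup copy taken before running smreg, and the assumption that the key appears in EncryptionKey.txt as a token beginning with a brace-delimited algorithm prefix are all assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: automates step 2 for one EncryptionKey.txt.
# Assumption: the encrypted key appears in the file as a token that starts
# with an algorithm prefix in braces, e.g. {AES}...; the exact file layout
# is not documented on this page.

# Prefixes accepted as FIPS-compliant. Only {AES} is named on the page.
FIPS_PREFIXES="{AES}"

# Print the first {ALG} prefix found in the file, or nothing.
key_prefix() {
    grep -o '{[A-Za-z0-9_-]*}' "$1" 2>/dev/null | head -n 1
}

# verify_key_file NEW [BACKUP]
# Returns 0 = key present with an accepted prefix,
#         1 = prefix missing or not in FIPS_PREFIXES,
#         2 = file missing or empty,
#         3 = file identical to the pre-migration backup (key not replaced).
verify_key_file() {
    new=$1; backup=${2:-}
    [ -s "$new" ] || return 2
    if [ -n "$backup" ] && [ -f "$backup" ] && cmp -s "$new" "$backup"; then
        return 3
    fi
    prefix=$(key_prefix "$new")
    [ -n "$prefix" ] || return 1
    for ok in $FIPS_PREFIXES; do
        [ "$prefix" = "$ok" ] && return 0
    done
    return 1
}

# Constructed sample files (not real keys) to exercise the check.
demo_dir=$(mktemp -d)
printf '{AES}CONSTRUCTED-SAMPLE-VALUE\n' > "$demo_dir/EncryptionKey.txt"
printf 'CONSTRUCTED-OLD-VALUE\n' > "$demo_dir/EncryptionKey.bak"
rc=0
verify_key_file "$demo_dir/EncryptionKey.txt" "$demo_dir/EncryptionKey.bak" || rc=$?
echo "verify_key_file exit status: $rc"
```

A non-zero status on any Policy Server means the migration step should be rerun there before you continue with the administrator password.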


Copyright © 2010 CA. All rights reserved.