Previous Topic: Gather Environment Information

Next Topic: Re-encrypt a Policy Store Key

Set a Policy Server to FIPS-Migration Mode

You set the Policy Servers to FIPS-migration mode so the environment can continue to use the existing SiteMinder encryption algorithms as you re-encrypt existing sensitive data using FIPS-compliant algorithms.

To set a Policy Server to FIPS-migration mode

  1. Open a command prompt from the computer hosting the Policy Server and run the following command:
    setFIPSmigration
    

    MIGRATION appears in the command window.

  2. Stop the Policy Server.

    Note: More information on stopping and starting the Policy Server exists in the Policy Server Administration Guide.

  3. Do one of the following:
    1. If the Policy Server is installed on a Windows system, reboot the machine.
    2. If the Policy Server is installed on a UNIX system, log in as the user who is used to start the Policy Server.
  4. Start the Policy Server.
  5. Open the smps.log file and verify that the following line appears:
    Policy Server migrating from classic SiteMinder to FIPS-140 cryptographic algorithms.
    
  6. Close the log file.

    The Policy Server is set to operate in FIPS-migration mode.

  7. Repeat the previous steps for each Policy Server in the environment.

You may now re-encrypt the policy store key for each Policy Server in the environment.


Copyright © 2010 CA. All rights reserved. Email CA about this topic