search cancel

RFI: CA SSO FIPS compatibility mode


Article ID: 142438


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're migrating the FIPS mode from COMPAT to MIGRATE and we'd like to
know :

  - Is there any impact in existing Policy/Key store ? 
  - What all things we need to consider prior changing the FIPS
    compatibility mode in an existing working setup ?
  - Do we need to perform belowre-encryptions?

    Re-encrypt Policy Store Key
    Re-encrypt Policy Store Administrator Password
    Host re-registration for all web agents
    Re-encrypt Policy and Key Store



Release : 12.8




At first glance, according to documentation, to move to MIGRATE mode,
you need to read carefully the following documentation page. You
indeed needs to encrypt again all sensitive data.

  Re-Encrypt Existing Sensitive Data for FIPS Migration

    Re-encrypt a Policy Store Key
    Re-Encrypt the Policy Store Administrator Password
    Re-encrypt the Super User Password
    Set an Agent to FIPS-Migration Mode
    Re-encrypt Client Shared Secrets
    Re-encrypt Policy and Key Store Data
    Verify that Password Blobs are Re-encrypted