The process of generating a self-signed certificate chain used in FIPS mode takes significantly longer than in non-FIPS secured mode. The host may appear hung but, it is working correctly.
Symantec Corporation has acknowledged that the above-mentioned issue is present in the current version(s) of the product(s) mentioned at the end of this article.
Symantec is committed to product quality and this issue is currently being considered by Symantec to be addressed in the next major revision of the product.
There are no plans to address this issue by way of a patch or hotfix in the current or previous versions of the software at the present time.
Please note that Symantec reserves the right to remove any fix from the targeted release if it does not pass quality assurance tests or introduces new risks to overall code stability.
Symantec’s plans are subject to change and any action taken by you based on the above information or your reliance upon the above information is made at your own risk.
Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.
Please contact your Symantec Sales representative or the Symantec Sales group for upgrade information including upgrade eligibility to the release containing the resolution for this issue.
For information on how to contact Symantec Sales, please refer to the following Web site: http://www.symantec.com/business/index.jsp
Workaround
The following actions take significantly longer with FIPS mode turned on than they do with FIPS mode turned off:
Administrators should consider it a best practice to enable FIPS mode as the final step in your setup process before you deploy the host in a production environment.