ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

EEM Fails To Start with FIPS On and Private Key with Password


Article ID: 237120


Updated On:


CA Process Automation Base


While implementing our EEM server to use custom/signed certificates (following instructions similar to what's here: Apply own p12 certificate in place of the default CA Embedded Entitlements Manager (EEM) certificate), the EEM Server fails to start when separating the private/public key and using a password protected private key. 




Release : ITPAM 4.3, EEM 12.6



This happens is because "PBE algorithms are not allowed in FIPS mode". Based on this you need to make a choice of:

  • Use FIPS ON mode without a private key that is not password protected; or
  • Use FIPS OFF mode with a private key that is password protected.