After performing the upgrade of a Policy Server in FIPS ONLY mode to version 12.9, there is the following error in the AdminUI

2025-08-06 21:17:26,340 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] (default task-1) Keyfile '/com/netegrity/config/keys/FIPSkey.dat' not found. Unable to get secret key: /com/netegrity/config/keys/FIPSkey.dat (No such file or directory)
2025-08-06 21:17:26,342 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] (default task-1) Keyfile '/com/netegrity/config/keys/FIPSkey.dat' not found. Unable to get secret key: /com/netegrity/config/keys/FIPSkey.dat (No such file or directory)

and it is not usable

CA SiteMinder in FIPS ONLY mode upgraded to version 12.9, possibly other versions affected

This is due to SiteMinder not having the variable indicating it is in FIPS ONLY mode loaded when the upgrade is carried out

In particular, script ca_env_ps.ksh in  <Path_to_siteminder>/siteminder contains the following entries

CA_SM_PS_FIPS140="ONLY"; export CA_SM_PS_FIPS140

If this is not sourced, product does not know if it is in FIPS mode when upgrade occurs and it causes these errors to appear

Make sure to run a 

source .ca_env_ps.ksh

under <Path_to_siteminder>/siteminder so that all SiteMinder variables are loaded before you start the upgrade