FIPS 140-2 compliance - can it be enabled/disabled after Identity Manager is installed?

book

Article ID: 50542

calendar_today

Updated On:

Products

DIRECTORY CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On SECURITY MISC CODES SINGLE SIGN ON - LEGACY CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

We installed IM (Web UI, Provisioning Server, Directory, Manager) without FIPS 140-2 compliance turned on. Is there a method to enable FIPS compliance without re-installing all the products?

Solution:

Once FIPS 140-2 support is enabled for an Identity Manager deployment, you cannot disable it. Similarly, if you install Identity Manager without enabling FIPS 140-2 support, you cannot add support at a later time.

You should also be aware that there is no way of swapping the key once installed so be sure it is never compromised or else it will need a product re-install.

Environment

Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente
Component: