FIPS 140-2 compliance - can it be enabled/disabled after Identity Manager is installed?

Document ID : KB000050542
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

We installed IM (Web UI, Provisioning Server, Directory, Manager) without FIPS 140-2 compliance turned on. Is there a method to enable FIPS compliance without re-installing all the products?

Solution:

Once FIPS 140-2 support is enabled for an Identity Manager deployment, you cannot disable it. Similarly, if you install Identity Manager without enabling FIPS 140-2 support, you cannot add support at a later time.

You should also be aware that there is no way of swapping the key once installed so be sure it is never compromised or else it will need a product re-install.