The following provides instructions for migrating your Hardware Appliance environment from non-FIPS to FIPS mode.
Background
As of version 3.8.0, the Hardware Appliance can be operated according to the FIPS 140-2 standard. You can migrate your Hardware Appliance environment from non-FIPS to FIPS mode.
The migration to FIPS mode is only possible with the HSM version PKCS#11 R2. If you want to migrate your PKCS#11 R1 HSM to FIPS mode, you have to migrate to PKCS#11 R2 first. We offer the two migration steps in one migration process. For more details, see Migrating the HSM Key Material from P11-R1 to P11-R2.
Migrating the HSM to FIPS mode
The migration of HSM key material is implemented as a restore migration. You migrate your HSM key material by restoring a Hardware Appliance from a backup.
To migrate the HSM to FIPS mode:
- Shut down your application/operation.
- Go to the WebConf tab Backup > Manual Backup and create a backup of the Hardware Appliance.
- Perform the installation steps described in the section Initial Setup, starting with Step 1: External Erase and Factory Reset.
- When the WebConf wizard starts, select the option Restore system from backup.
- Set the date and time and select the backup file that you want to use.
- Enter the Domain Master Secret that secures the backup and click Verify.
- The option Migrate HSM key material into FIPS mode appears. Activate the option to load and activate the FIPS firmware module during the backup process.
- Click Restore system using this backup to continue the usual Restore system from backup procedure. The actual migration is processed in the background.