The following provides instructions for migrating your Hardware Appliance environment from non-FIPS to FIPS mode.

Background

As of version 3.8.0, the Hardware Appliance can be operated according to FIPS 140-2 standard. You can migrate your Hardware Appliance environment from non-FIPS to FIPS mode.

Migration requirement PKCS#11 R2

The migration to FIPS mode is only possible with the HSM version PKCS#11 R2. If you want to migrate your PKCS#11 R1 HSM to FIPS mode you have to migrate to PKCS#11 R2 first. We offer you the two migration steps in one migration process. For more details, see Migrating the HSM Key Material from P11-R1 to P11-R2.

Migrating the HSM to FIPS mode

The migration of HSM key material is implemented as a restore migration. You migrate your HSM key material by restoring a Hardware Appliance from a backup.

To migrate the HSM to FIPS mode:

  1. Shut down your application/operation.

  2. Go to the WebConf tab Backup > Manual Backup and create a backup of the Hardware Appliance.

  3. Perform the installation steps described in the section Initial Setup, starting with Step 1: External Erase and Factory Reset.

  4. When the WebConf wizard starts, select the option Restore system from backup:

  5. Set the date and time and select the backup file that you want to use:

  6. Enter the Domain Master Secret that secures the backup and click Verify:

  7. The option Migrate HSM key material into FIPS mode appears. Activate the option to load and activate the FIPS firmware module during the backup process.

  8. Click Restore system using this backup to continue the usual Restore system from backup procedure. The actual migration is processed in the background.